SOFTWARE DEVELOPMENT 




The Industry Newspaper for Software Development Managers 



SOFTWARE PIRACY COSTS BILLIONS 

Impact on ISVs devastating, says trade group 
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BY DAVID RUBINSTEIN 

News flash: The FBI has arrest- 
ed the founding member of the 
piracy ring Pirates With Atti- 
tude, after a tip by an informant 
led them into the group's hid- 
den site, where agents found a 
list of the group's leaders. 

News flash: Microsoft Corp. 
has filed software piracy law- 
suits against four Massachusetts 
companies and also has filed 
suit in Mississippi and Alabama, 
charging copyright infringe- 
ment and trademark violations. 

Software piracy is no small 
issue. The amount of lost rev- 
enue from sales totals $11 bil- 
lion each year, according to the 
trade group Software & Infor- 
mation Industry Association 
(www.siia.net). And that doesn't 
even address educational and 



entertainment software. A re- 
port by the Business Software 
Alliance (www.bsa.org) claims 
that in 1998, U.S. piracy alone 
cost the economy 109,000 jobs, 
$4.5 billion in wages and nearly 
$1 billion in lost taxes. Accord- 
ing to the group, 1 out of every 
4 pieces of software used in the 
U.S. is pirated. 

"Piracy is a serious threat to 
entrepreneurs, investors and cus- 
tomers," said Joyce Plotkin of the 
Massachusetts Software Council 
Inc. (www.swcouncil.org). 

ONE STEP AHEAD 

With the arrest of the Pirates 
With Attitude ringleader, one of 
the larger rings was brought 
down, according to SIIA's Mike 
Flynn, manager of the Internet 
► continued on page 30 



Set Your Defects Free 

SOFTWARE EMANCIPATION OFFERING OUALTTV-ASSURANCE SERVICES 



BY ALAN ZEICHICK 

"We're moving from quality 
control to quality assurance," 
said Bruce Boes, marketing vice 
president at Software Emanci- 
pation Technologies Inc. 

Citing the common figure 
that it costs $10,000 to fix a bug 
if a customer identifies it, but 
only $1,000 if it's caught in test- 
ing or $100 if corrected during 
development, Boes unveiled 
details of the company's new 
defect-testing service, Magnify. 



The Burlington, Mass.- based 
Software Emancipation (www. 
setech.com) is known for its 
quality-assurance products, in- 
cluding its flagship Discover 
test suite, which performs qual- 
ity analysis of ANSI C/C ++, 
Java, and Oracle, Sybase and 
Informix SQL code under Unix 
and Windows NT. 

According to Boes, Discov- 
er interprets the source code, 
producing a model of how the 
► continued on page 30 
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The Discover test suite from Software Emancipation Technologies is 
designed for guality assurance, not merely guality control, according to 
marketing vice president Bruce Boes. 



Java a Hot Topic at Embedded Systems Conference 

New product rollouts abound; attendance way up as companies compete for market share 

with automatic code generation 
and target device simulations. 
The environment for Windows 
and MacOS integrates with pop- 
ular integrated development en- 
vironments, including Code- 
Warrior and Visual Cafe. The 
company also announced the 
availability of Escape 4.0, a Web 
browser aimed at set-top boxes, 
automotive systems, Web pads 
and similar Internet-connected 
devices running most popular 
embedded systems, including 
Windows CE, Linux, VxWorks, 
QNXOS, EPOC32, Microware 
OS09 and pSOS. The SSL-com- 
pliant browser supports HTML 
4.0, forms, frames, tables, ap- 
plets, JavaScript and cascading 
style sheets. 

Artisan Software Tools Inc. 
(www.artisansw.com) released 
version 3.1 of its Real-Time 
Studio modeling suite, a set of 
tools designed to enable soft- 
► continued on page 14 



BY EDWARD J. CORREIA 

CHICAGO — Java was a domi- 
nant theme at last months Em- 
bedded Systems Conference 
East, with exhibitors touting ca- 
pabilities from simple support 
to pure Java real-time operating 
system (RTOS) kernels. 

Attendance was up at the 
conference, held at the Mc- 
Cormick Convention Center 
here. Conference officials esti- 
mated the combined crowd of 
exhibitors and attendees num- 
bered around 6,000; an exact 
breakdown was not available at 
press time. The show was esti- 
mated to draw roughly 3,950 at- 



tendees, a significant increase 
over last year's estimated 3,000. 

GET YOUR JAVA 

Esmertec ag (esmertec.com), a 
Switzerland-based company, 
has released Jbed, an RTOS 
kernel and Java Virtual Ma- 
chine (JVM) for Motorola 
PowerPC and 68K processors 
written in 100% Pure Java. The 
main advantages of a pure Java 
kernel, according to the com- 
pany, are small size, fast execu- 
tion and dynamic Java class 
loading. Jbed can be stored in 
as little as 8K bytes of memory 
and runs compiled (not inter- 
pretive) Java, which adds speed 
and reduces its footprint. The 
full operating system and de- 
velopers kit is available for 
$9,800 plus a volume-based 
royalty. The product supports 
C linking, and versions for 
ARM and NET+ARM proces- 
sors are expected this month 




The Blue Planet development platform 
enables Windows CE prototyping. 

with Intel and MIPS processors 
to follow, the company said. 

Making two Java-related 
announcements was Espial 
Group Inc., based in Ottawa 
(espial.com). The company re- 
leased what it claims to be the 
worlds first Personaljava RAD 
environment, plus a full-featured 
Web browser in a sub -800 K foot- 
print. Espial Architect 2.0 fea- 
tures a drag-and-drop interface 



Chris Dressier, Senior Program Manager, NORDSTROMshoes.com 

"So the challenge here was knowing 
the speed of how quickly we had to bring 
shoe vendors online." 




"We went from 6 to 10 to 
20 vendors and we're 
continuing down that road." 



'So how do we rapidly do 

the development to 
make all this happen?" 
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"Tools like Microsoft Visual InterDev and 
Visual Basic, laid on top of Windows DNA, allowed 
us to bring this site to market quickly." 
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Maybe you don't have the huge budget to integrate all your e-commerce applications 

with a proprietary solution. Sometimes a severe limitation opens up a whole new way of doing things. 

Today, more and more forward-thinking IT managers are solving the high cost of integration with TurboLinux. 

Our TurboCluster Server in the web farm can seamlessly put Solaris, NT, or Linux servers to common purpose. 

The accomplishments of TurboLinux have not gone unnoticed. 
TurboCluster Server won the 1999 Linux Journal Editor's Choice Award for Top Web Solution. 

Of course, TurboCluster Server is only part of the story. 

The same great engineering goes into our new Workstation and Server 6.0 products. 

We're happy to be able to leave you with this reassuring thought: build on what you have. 

Check out our website at www.turbolinux.com or call us toll-free at (877)-4TURB0LINUX. 



TURBDL NUX 

High Performance Linux 



©2000 TurboLinux and its logo are trademarks of TurboLinux, Inc. Linux is a trademark of Linus Torvalds. 
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The Home Depot of Components' 

Vendors expanding avai 



BY DAVID RUBINSTEIN 

Say you want to add a dormer 
onto your house. You could go 
to a lumberyard, buy the wood, 
climb up a ladder, rip the roof 
and stud out the framework. 
This, of course, is time-consum- 
ing and costly. Or, you could 
sub the job out to a company 
that will build the entire shell in 
a fraction of the time it would 
take you, leaving you to finish 
only the plumbing, electrical 
work and decor... the fun stuff 
that was really the only part you 
were interested in anyway. 

Now, let's say you're building 
an application and you need 
data encryption. You can have 
your development team spend 
a few hundred hours writing 
and testing code, or you can 
buy the functionality "off the 
shelf and save, save, save. 

The folks at Component- 
Source are counting on you to 
buy and save rather than build 
and spend, and they have built 
a burgeoning business selling 
off-the-shelf, ready-to-use soft- 
ware components. 

"It's like having a two-by- 
four," said Bill Wilkerson, vice 
president of market develop- 
ment for ComponentSource 
(www.componentsource.com) . 
"You can build a house any- 
where with it, because the 
building code calls for beams 
that are two-by-four." 

Wilkerson, in fact, calls Com- 
ponentSource "the Home Depot 



lability, markets for software pieces 

of components." He said Com- dows or Java, the market for 



ponent Source has more than 200 
component-authoring companies 
supplying the pieces, and there 
are more than 2,200 compo- 
nents available from its Web site. 

ComponentSource is making 
component shopping even easi- 
er by allowing companies to link 
to its catalog from an intranet via 
a new set of Extensible Markup 
Language interfaces, which are 
available in beta. This, the com- 
pany said, is the first step toward 
allowing companies to seamless- 
ly integrate their own develop- 
ment environments with the 
ComponentSource online com- 
ponent repository. 

"Also, anybody who does in- 
ternal development can post to 
our repository and everyone in 
their network can have access 
to them," explained Component- 
Source CEO Sam Patterson. 
Further, Patterson explained, 
ComponentSource will make a 
company's in-house component 
available on the open market if 
the company so desires. 

The concept of developing 
software applications with the 
use of components has been 
around for at least two 
decades — beginning with peo- 
ple trying to resell COBOL 
subroutines. The problem was 
that there was a limited number 
of platforms upon which you 
could use them. 

Today, with the number of 
systems supporting either Win- 



components has exploded. The 
key to this, according to one 
component vendor, is the wide- 
spread use of these platforms 
as well as interoperability be- 
tween components. 

Dave Rice, director of prod- 
uct marketing at component 
vendor Rogue Wave Software 
Inc. (www.roguewave.com), cit- 
ed several factors that are ratch- 
eting up the use of components. 
"We have seen a migration of 
the developer population get- 
ting away from a 'not invented 
here' bias," Rice said. "Time-to- 
market has become the overrid- 
ing issue." 

Another advantage to compo- 
nent use, he claimed, is that the 
customer base creates "a testing, 
feedback and optimization cycle 
that would take an individual de- 
veloper a tremendous amount of 
time to develop on their own." 

"You need data encryption? 
We have about 15 components 
for that," he said. "We have 
about five different credit-card 
authorization components." 

Wilkerson cited statistics that, 
he said, show it costs a company 
between $8,000 and $11,000 per 
programmer- month for a system 
engineer to do coding. 

Today, he said, for about 
$250, a company can buy com- 
ponents needed to do certain 
routines, dramatically lowering 
a company's costs while speed- 
ing up developments. "Why 



Xenix Returns 

MICROSOFT EMBRACES, EXTENDS 

BY I.B. PHOOLEN 

APRIL 1 — In a dramatic 
change in direction, industry gi- 
ant Microsoft Corp. has publicly 
pledged to embrace the open- 
source software movement. Un- 
veiling the company's new Lin- 
ux initiatives, president Steve 
Ballmer decreed, "The days of 
proprietary solutions are over." 

Sharing a stage with GNU 
Project founder Richard Stall- 
man at the Massachusetts Insti- 
tute of Technology, Ballmer an- 
nounced that the company will 
be releasing its Windows 2000 
operating system as open 
source, subject to the GNU 
Public License. "We made this 
decision last summer," said a 
company spokesman. 

Under the terms of the new 
Windows license, software discs 



OPEN-SOURCE MOVEMENT 

for Windows 2000 Professional 
and Server will be available for 
$35 for executable code only, 
and $70 for a two-disc set con- 
taining source code. Following 
usual open-source community 
practice, support will not be in- 
cluded in the package. Cus- 
tomers wishing support can sub- 
scribe to a support contract. 

Ballmer also demonstrated 
the company's forthcoming Mi- 
crosoft Office 2000 and 
Visual Studio 7 for Linux. 
"Many of our developers are 
Linux enthusiasts," he dis- 
closed. "They've been running 
Linux on their development 
stations for two years. Not only 
is Windows 2000 itself written 
in Visual J+ + ," he said, "but 
we've also created native Linux 
versions of Office and Visual 



Studio for in-house-use," said 
Ballmer, adding, "Now's the 
time to release those products 
into the mainstream." 

Also announced on April 1 
was that the forthcoming Win- 
dows Millennium Edition (Win- 
dows ME) is actually based on 
the Linux kernel, with DOS, 
Win 16 and Win32 compatibility 
layers and a port of the Win- 
dows Explorer user interface. 

"We'll be releasing the Win- 
dows compatibility source code 
for all major Linux and Unix 
ports," said Ballmer, singling 
out Sun's Solaris as the next tar- 
get for Microsoft's full line of 
business software. 

"Look for our own branded 
version of Linux to be released 
next year as a separate product," 
he added, hinting, "Now's the 
time to bring back the Xenix 
brand," referring to Microsoft's 
version of Unix, available in the 
late 1980s. I 



spend one-and-a-half months 
rewriting an application when 
you can buy the component off 
the shelf and be operable in 
one-and-a-half hours," Wilker- 
son said. 

Companies prefer to focus 
on a specific business problem 
rather than issues based on 
broad development, Rice said. 
"With horizontal problems, we 
can and do invest significant re- 
sources to a much greater extent 
than a single customer would be 
able to do," he said. 

Aside from making compo- 
nents available for sale, Compo- 
nentSource performs testing and 
product review, giving its seal of 
approval. And, it works with 
component authors to define the 
component, its potential sale 
price and any licensing require- 
ments that must be considered. 



Wilkerson sees a strong de- 
mand for EJB components, be- 
cause, he said, most corporate 
CIOs see Solaris as a more sta- 
ble platform than Windows, 
based on anecdotal informa- 
tion. In Europe, he said, the re- 
verse is true. There have not 
been many requests for compo- 
nents for Linux as yet, he said. 
Rice, on the other hand, said 
his company is seeing signifi- 
cant development projects in 
Fortune 500 companies based 
on Linux. 

Wilkerson said Component- 
Source is working with the Ob- 
ject Management Group Inc. 
(www.omg.org) as a sponsor of 
its component interoperability 
clearinghouse. "Standards will 
further drive and mature the 
market if the federal govern- 
ment adopts them." I 



STARBASE CAPTURES PREMIA 

Move aimed to add resources, fuel growth 

BY DOUGLAS FINLAY 
AND DAVID RUBINSTEIN 

Looking to reinforce its lineup 
of e-collaboration products 
while broadening its reach into 
the e- commerce application 
marketplace, StarBase Corp. 
has acquired software develop- 
ment company Premia Corp. in 
an all-stock transaction of 1.9 
million shares worth an estimat- 
ed $24.7 million. 

The acquisition will immedi- 
ately strengthen StarBase's en- 
terprise collaboration and con- 
figuration management family, 
StarTeam, through the addition 
of Premia's CodeWright source- 
code management application. 

StarBase CEO Bill Stow ex- 
pects the Premia acquisition to 
speed the growth of StarBase 
in the collaborative-develop- 
ment market. 

"Premia has outstanding 
products and technology," Stow 
said. "For us to take advantage of 
our position in the sweet spot of 
the e-business world, we have to 
grow fast. Our orders have out- 
paced our sales force. Premia, 
which already has a large tele- 
sales staff in place, will help us 
move that much more quickly." 

Stow pointed out the diffi- 
culty of finding top software en- 
gineers to help a company ex- 
pand, and said bringing in Pre- 
mia's staff of engineers will give 
StarBase a broader talent pool 
from which new solutions can 
rapidly develop. 

The acquisition positions 
StarBase (www.starbase.com) 
to extend its reach into Pre- 
mia's customer base, claimed 



to be more than 20,000 orga- 
nizations. 

"We realized the notion of 
collaborative tools a long time 
ago," Stow said. "Although we 
were seen as a software config- 
uration management company, 
competing against the likes of 
Rational, we never saw our- 
selves that way. We always were 
positioned for worldwide col- 
laboration of digital products." 

The acquisition infuses Star- 
Base's management team with a 
fresh shot of expertise: Premia 
co-founders Don Kinzer and 
Eric Johnson join StarBase as 
chief architects. Doug Root, 
Premia's director of sales and 
marketing, will be the compa- 
ny's vice president of marketing 
communications . 

Kinzer and Johnson created 
the popular CodeWright pro- 
gram, now seen as a comple- 
ment to StarBase's StarTeam 
product line. CodeWright is 
currently popular among devel- 
opers using Microsoft's Visual 
Studio, Inprise's C/C++ and J 
Builder, as well as IBM's Visual 
Age integrated development 
environments. 

Stow said his company will 
sell the StarBase and Premia 
products independently, and 
plans to offer an integrated 
model in the future. Technical 
support remains available for 
Premia products. "We plan to 
grow the Beaverton center 
rapidly," Stow said of the cur- 
rent Premia headquarters. 
"There are quality people there 
all across the board." I 
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An Exchange for Problem-Solving 

New CEO at HotDispatch sets course for online solutions 



IBM Corp. has joined with Cisco Systems Inc. to provide Cisco 
customers with IBM's host integration software, providing Web 
access to applications and data that reside on host computers. 
IBM's host integration products included in Cisco's Enterprise 
Associates Program are IBM Host On-Demand, IBM Personal 
Communications and IBM Host Publisher. Cisco customers 
who purchase (or have purchased) a TN3270 server can receive 
50 no-charge licenses of IBM Host On-Demand, which pro- 
vides Java-based terminal emulation from a standard Web 
browser . . . Prolifics, a division of JYACC Inc., has released Rose 
Panther Link, a Windows-based add-on to Rational Software 
Inc.'s Rose UML modeling tool, which integrates Rose with 
Prolifics' Panther component tool . . . Concurrent Computer 
Corp. promises to create a Linux version of its NightStar devel- 
opment tools and its C/C++, FORTRAN and Ada compilers. It 
will also release a Linux version of its PowerHawk integrated 
real-time computer system . . . ChiliSoft Inc. has released ASP 
for Linux, which provides compatibility with Microsoft's Active 
Server Pages format ... A new alliance and reseller agreement 
between BMC Software Inc. and Deloitte Consulting means that 
BMC solutions will be installed into Deloitte's network of glob- 
al solution centers as well as sold to Deloitte's customers. BMC 
has also launched its Affinity Partner Program to increase cus- 
tomer awareness of its collaborative efforts with ISV and ASP 
partners. Its new Software Developer Connection, formerly Pa- 
trol Developer Network, offers tool kits to aid in product devel- 
opment . . . Sun Microsystems Inc. has released the Java APIs 
for Extensible Markup Language Parsing, also known as JAXP; 
the APIs are available for free download from Sun's Java 2 Web 
site . . . Shaman Corp. has new software that closes the securi- 
ty holes that allow the placement of "zombie" agents. These up- 
dates stop hackers' ability to secretly link networked computer 
systems in distributed denial of service (DDoS) attacks . . . 
SAGA Software Inc. is providing Red Oak Software use of the 
Stingray and Mako technologies that SAGA acquired from Blue 
Lobster Software, from where Red Oak's principals came. 
Stingray is a Java-based legacy integration solution for Web-en- 
abling and programmatically automating 3270 and 5250 termi- 
nal applications. Mako automates the development of Java ap- 
plications that incorporate CICS transactional access . . . SCORT 
Software has teamed with GartnerGroup Inc. and Computer 
Generated Solutions to deliver forums on developing legacy- 
enabled e-business applications. The "Legacy Enabled E-Busi- 
ness Applications" Forum debuted in New York on March 8, 
with sessions in New Jersey, Chicago, Dallas, Atlanta, Los An- 
geles and Washington, D.C., to follow ... In the wake of its re- 
cent merger with Corel Corp., Inprise Corp. has entered into an 
agreement to sell its Scotts Valley facility for $47 million. As 
part of the agreement with ScalanKemperBard Inprise will 
lease back 44 percent of the facility . . . BizSpace Inc. has 
launched ASPconnection.com, a daily news and information 
source for the ASP industry . . . Citrix Systems Inc. has ac- 
quired Innovex Group for approximately $47.8 million in cash. 
Innovex is a privately owned e-business consulting service 
organization specializing in the design, development and imple- 
mentation of Web-based solutions and systems integration . . . 
Under a Sequoia Software Corp. and Semio Corp. partnership, 
Semio's multilevel directory structure will be integrated into 
Sequoia's XML Portal Server, giving customers the ability to 
conduct precise searches against text-based portal content . . . 
Oracle Corp. has joined the HR-XML Consortium, a nonprof- 
it group that will work toward the development of a standard 
set of XML vocabularies for human resource-related matters, 
including the posting of job openings to job banks and em- 
ployment agencies . . . Metrowerks Corp. has established the 
Metrowerks Professional Group to deliver consulting and 
training services to customers using CodeWarrior products 
and technology. 

► continued on page 18 



BY DAVID RUBINSTEIN 

HotDispatch Inc., provider of 
a Web-based service where 
companies post problems and 
experts earn cash for offering 
solutions, recently announced 
the appointment of Mike Kaul 
as its new CEO, charged with 
the mission of extending the 
company's vision of, as he 
called it, "an online, digital 
trading floor for the exchange 
of intellectual property." 

Here's the scenario, accord- 
ing to Kaul. A developer with a 
problem enters the Web site 
(www.hotdispatch.com), poses 
the problem, and says how 
much his or her company is will- 
ing to pay for the solution. Re- 
spondents offer solutions, and 
the requester can choose one. 
"This answers the questions of 
'Who do I pay and 'How do I 
get paid,' " Kaul said. When the 
question is posted, HotDispatch 
takes the credit-card informa- 
tion from the requester, but 
charges the card and forwards 
money to the solution provider 
(less a 15 percent commission) 
only after the customer is happy 
with the results. 



This service offers small 
companies access to the global 
army of developers, extending 
everyone's reach, Kaul said. 
"We fit in the space between the 
high-end, expensive support 
that you would pay a vendor for 
and a [Usenet] newsgroup," said 
Kaul, who joined HotDispatch 
after stints with Oracle Corp. 
and Attach mate Corp. 

HotDispatch has been live 
since October 1999, after it 
completed a $6 million round 
of funding. The plan now, ac- 
cording to Kaul, is to grow the 
company fast. 

"Developers like the notion 
of helping each other," said 
A.C. Ross, vice president of 
marketing at HotDispatch. "In- 
tellectually and emotionally, 
this fosters an open software 
environment. Getting [help] 
from peers has a lot of appeal." 

HotDispatch does not re- 
quire solution providers to reg- 
ister, and today's solution 
provider might be tomorrow's 
requester. After getting the so- 
lution, a requester can rate the 
solution provider in terms of 
working relationship, problem- 



solving capabilities and ease of 
understanding. 

HotDispatch ran a Java pilot 
program with Sun Microsys- 
tems Inc. from July to Septem- 
ber last year, and Ross said that 
the problems Sun's own Java 
developers had were solved 
thoroughly in a short amount of 
time. Ross boasted that Hot- 
Dispatch is the only third party 
linked from Sun's Java site 
(java.sun.com). 

Kaul said the response from 
software vendors has been pos- 
itive. Many are small compa- 
nies that cannot afford to spend 
large amounts of time and 
money on technical support. 
The responses are being 
archived, Kaul said, and could 
be shared, depending upon the 
partnership relationship with 
HotDispatch. 

The long-term vision, Kaul 
said, is to provide just-in-time 
solutions that will accelerate the 
software development process. 
"We can punch through a prob- 
lem so much more quickly with 
the resources we have that it 
will speed the development 
process," he said. I 



IBM UPDATES ITS MAINFRAME OPERATING SYSTEM 

New OS/390 2.9 adds features for e-business, host-to-Web integration 



BY ALAN ZEICHICK 

Microsoft Corp. and Sun Mi- 
crosystems Inc. aren't the only 
major vendors to update their 
flagship operating systems in 
the first quarter. In early 
March, IBM Corp. released an 
upgrade to its OS/390 operating 
system for its S/390 G5 and G6 
server family. 

Combined with hardware 
enhancements, says IBM, 
OS/390 2.9 improves system 
scalability, as well as the man- 
agement and integration of 
multiple diverse workloads in a 
secure environment. 

"Business process and ap- 
plication integration is critical 
to the speed-to-market re- 
quirements of e-business," said 
Mark Shearer, vice president 
of marketing for IBM's enter- 
prise servers. "IBM is provid- 
ing a fast track to exploiting the 
Web with tools and applica- 
tions that integrate existing ap- 
plications and systems. Today's 
top application developers are 
being attracted to IBM's enter- 
prise servers for their ability to 



manage the scalability and 
availability requirements of e- 
business," he said. 

New electronic commerce 
features of OS/390 2.9 focus 
on improved support for port- 
ing Unix C and C + + code to 
the mainframe, using a new 
Language Environment and 
OS/390 Unix System Services 
support. The Language Envi- 
ronment and Unix System Ser- 
vices will now support 64- 
bit integers. These enhance- 
ments, says IBM, will make it 
easier for customers and solu- 
tion developers to port Unix 
applications to the S/390 serv- 
er platform. 

IBM's WebSphere Applica- 
tion Server for OS/390 has also 
been enhanced as part of this 
new operating system upgrade. 
WebSphere now supports new 
industry standards for Java Serv- 
er Pages and Servlets. New 
OS/390 2.9 enhancements in- 
clude support for WebSphere 
Studio Tooling and VisualAge for 
Java Tooling. Other OS/390 2.9 
enhancements include access to 



DB2 data via the Java DataBase 
Connectivity (JDBC) protocol. 

As IBM continues to posi- 
tion its S/390 mainframes as 
servers rather than data crunch- 
ers, new LAN and PC integra- 
tion features in OS/390 2.9 bol- 
ster that claim. The company 
cites new native file and print 
server support for Windows- 
based workstations, using Mi- 
crosoft's Server Message Block 
(SMB) protocol. 

The operating system now 
takes advantage of IBM's PCI 
Cryptographic Coprocessor 
(PCICC), an optional feature 
of S/390 G5/G6 Enterprise 
Servers. According to the com- 
pany, use of a hardware-based 
crypto coprocessor improves 
the performance of secure Web 
sites: the PCICC card is 
claimed to increase the perfor- 
mance of SSL-based Web page 
serving by a factor of six. 

OS/390 2.9 was scheduled to 
be generally available on March 
31, and the S/390 G5 and G6 
server enhancements will be 
available on June 30. I 
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LightWork Design Ships MachineWorks 4.1 



Developers of 3D computer- 
aided manufacturing applica- 
tions using LightWork Design 
Ltd.'s rendering and CAD en- 
gines can now integrate solids- 
based five-axis and wire-Elec- 
trical Discharge Machining 
(EDM) capabilities into their 
applications, thanks to a new 
version of the company's Ma- 
chineWorks computer numeri- 
cal control (CNC) simulation 
and verification tool kit for Unix 
and Windows workstations. 

MachineWorks version 4.1 
now can perform vertical arc, 
helical and non-uniform ratio- 
nal B-spline (NURBS) cuts, 
and offers expanded tool holder 
support and rapid collision de- 
tection and rest-material identi- 
fication. 

With its new five- axis ma- 
chining capabilities, Machine- 
Works 4.1 permits machine sim- 
ulation and detection of ma- 
chine-to-stock and machine- 
to- machine collisions and per- 



forms complex integrated stock 
modeling. Other new capabili- 
ties include arc cuts in turning 
and mill-turn simulation, and 
chip removal, useful for split- 
ting solids into parts and remov- 
ing small disconnected areas of 
a solid after machining. 

LightWork (www. light work 
.com) has divided its software- 
development products into 
two divisions: Industrial Solu- 
tions, including software pack- 
ages for 3D visualization of 
models and processes; and the 
Kazoo Technology Group, 
providing products that add 
3D capabilities to Windows 
applications. 

Based in the U.K., Light- 
Work also has offices in Wal- 
nut Creek, Calif. The company 
markets software solutions for 
modeling, analysis and verifi- 
cation of the CNC removal 
process, and also supplies 3D 
rendering engines and design 
applications. I 



UPDATELIVE KEEPS SOFTWARE USERS CURRENT 



Utility uses Internet fo 

The bane of existence for soft- 
ware developers is update de- 
livery. A new product from 
Bennet-Tec Information Sys- 
tems Inc. uses the Internet to 
provide a solution. Update Live 
2.0 is a client- side utility that 
developers and software pub- 
lishers can use to keep applica- 
tions up to date. The product 
automatically checks an Inter- 
net-based file store at prede- 
termined intervals and down- 
loads any available updates. 

Bennet-Tec's LiveUpdate 
1.0 initially was able to keep 
only the company's own soft- 
ware current. The new update 
is designed for use by ISVs, and 
includes tools to assist ISVs in 
setting up their Internet servers 
to support clients needing soft- 
ware updates. 

"The goal of UpdateLive is 
to bolster software sales 
through increased customer 



r electronic delivery of product updates 



Test Company Teradyne Says r TestMyBeans' 

New suite examines EJB middleware prior to integration 



Will your Enterprise JavaBeans 
middleware scale? That's the 
question being asked by Test- 
MyBeans. com, a unit of Tera- 
dyne Corp. that claims to offer 
the industry's first software 
designed specifically for testing 
the functionality and scalability 
of EJB middleware prior to 
integration. 

Part of what complicates the 
testing of Web-based software 
is the time required to find and 
fix problems, said Walter Vahey, 
general manager of TestMy- 
Beans. com. "E-business devel- 
opers have had to test their EJB 
middleware application after it 
has been integrated," he said. 
Once JavaBeans are integrated 
into an application, finding scal- 
ability problems "can take 
months to debug and fix," said 
Vahey. Enterprise JavaBeans 
are preprogrammed chunks of 
business logic that provide de- 
velopers with a quick means of 
piecing together enterprise 
Web applications. The TestMy- 
Beans Product Suite permits 
developers to isolate and accu- 
rately test the JavaBeans apart 
from the rest of the system ap- 
plication, which, according to 
the company, has not been 
done before. 

The all-Java product runs on 
Unix, Linux, Solaris, Alpha and 
Windows NT platforms and is 
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TestMyBeans is an all-Java EJB test suite that isolates and tests Java- 
Beans prior to their integration into an application. 






- 



executed through a Web brows- 
er. TestMyBeans has been opti- 
mized for BE A WebLogic and 
IBM WebSphere, and was first 
announced in late February at 
the BEA Users Conference in 
San Francisco. According to 
company reports, developers 
set up testing by deploying EJB 
applications on the server or 
servers and by selecting a de- 



ployment descriptor and the 
number of virtual clients to in- 
voke. Virtual clients can be set 
up on a single server or mul- 
tiple servers spread across a 
LAN or WAN. 

Pricing for the TestMyBeans 
Product Suite begins at 
$20,000. Developers can down- 
load a free evaluation copy at 
www.testmybeans.com. I 
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UpdateLive tells which products are available for updating, the number of 
files to be downloaded, and offers the ability to preview details of the up- 
date before it occurs-via the Internet. 



satisfaction by keeping software 
versions current transparently," 
said Jeff Bennett, president of 
Bennet-Tec (www.bennet-tec 
.com). 

"Software feature enhance- 
ments and bug fixes may be 
deployed as soon as they are 
developed, helping to mini- 
mize technical support costs," 
he said. "Media and distribu- 
tion costs also can be reduced 
through electronic delivery of 
updates." 

UpdateLive is installed 
along with a software product. 
If the end user's system has an 
Internet connection, Bennett 
said, UpdateLive can either ask 



the user if an update check is 
desired or it can check auto- 
matically at intervals deter- 
mined by the ISV 

Files can be checked by ver- 
sion number or date. If updat- 
ed files are found, a user mes- 
sage is displayed listing the 
available updates with an op- 
tion to cancel or proceed. Re- 
placed files are stored in a 
backup directory to permit 
process reversal. The utility 
registers OCXes and runs exe- 
cutable s as necessary. 

UpdateLive is priced at 
$1,500 per application, with 
server-based volume pricing 
options available. I 



ORACLE 8i RELEASE 2 FOR LINUX 
AVAILABLE IN FREE DOWNLOAD 

SECURITY-ENHANCED VERSION WILL ADD JAVA 2, XML SUPPORT 



Oracle Corp., maker of the most 
popular database for the Web, 
has thrown its considerable 
weight behind the Linux oper- 
ating system with the recent an- 
nouncement of Oracle 8i Re- 
lease 2 for Linux, which will 
support Java 2 and Extensible 
Markup Language (XML) and 
feature other enhancements for 
e-business. The product was 
scheduled to be available on 
March 16 for free download at 
technet. oracle .com . 

"Oracle 8i Release 2 on Lin- 
ux will be the ideal open- 
source answer for companies 
looking to establish a powerful 
presence on the Web," said 
Michael Rocha, senior vice 
president of Oracle's platform 
technologies division. 

And Web developers, ac- 
cording to company estimates, 
seem to agree. Oracle says 
downloads of Oracle 8i for Lin- 
ux have outpaced those for 
Windows NT by nearly 20,000. 
Bolstered by that popularity, 



Redwood Shores, Calif.-based 
Oracle is seeking to be central 
to the needs of new Internet 
companies. 

According to Oracle, the 
new version will feature built- 
in analytical functions for data 
warehousing, including func- 
tions for data ranking ("find 
the top 10 performers"), cre- 
ation of moving and cumula- 
tive aggregates ("find the 52- 
week average"), period-over- 
period comparisons (this year 
vs. last) and ratio-to-report 
analysis (one month as a per- 
centage of the year). 

The tools are executed as a 
new set of SQL functions that 
are being considered by ANSI 
for addition to the SQL stan- 
dard. JServer, the integrated 
Java Virtual Machine in Oracle 
8i, now supports Java 2, XML 
and the Oracle XML Parser for 
Java. Security enhancements 
will include protection for data 
that is in storage and in transit, 
plus improved LDAP support. I 



www.sdtimes.com 



Software Development Times . April 1, 2000 



NEWS 



NTP Eases Way to Changes in Applications Management 

EASE designed to smooth transition to Windows 2000 platform 



Looking at developing applica- 
tions around a central configura- 
tion database? NTP Software 
Inc. thinks it has a better way, 
with EASE, its Enterprise Appli- 
cation Services Extension. Ac- 
cording to the company, EASE is 
a software foundation for enter- 
prisewide applications and ser- 
vices that provides a manage- 
ment infrastructure and devel- 
opment platform for distributed 
enterprise applications. EASE is 
similar in some aspects to Win- 
dows 2000's Active Directory, ex- 
cept that its focused on central- 
ized applications management, 
not user, system or network ad- 
ministration. EASE also runs on 
Windows NT 4 Server. 

Active Directory (AD) is the 
centerpiece of Microsoft Corp. s 
Windows 2000 Server operating 
system. Out of the Windows 
2000 box, AD acts as the reposi- 
tory for data about network de- 
vices and users, but Microsoft 
intends to use AD to store appli- 
cation configuration data for fu- 
ture versions of Exchange Serv- 
er and other BackOffice prod- 
ucts. The folks in Redmond also 
offer Active Directory Service 
Interface (ADSI), the APIs for 
third-party and enterprise devel- 
opers to use the AD data store 
and management tools for their 
applications. 

Why wait for Windows 2000? 
That's the message sent by NTP 
Software (www.ntpsoftware.com), 
whose EASE is also a hierarchi- 
cal data store that can be distrib- 
uted across the enterprise net- 
work. EASE-enabled applica- 
tions can use this data store for 
their configuration information, 
and thus can be centrally man- 
aged by NTP Softwares graphi- 
cal management tools. 

NTP Software positions 
EASE as a limited replacement 
for Active Directory, as well as 
an enhancement to it. Start us- 
ing it with Windows NT 4, says 
the company, to store applica- 
tion configuration data. After 
migrating to Windows 2000 and 
AD, enterprises can continue to 
use EASE's management tools, 
but move the EASE data store 
to Active Directory in order to 
exploit the Active Directory 
data replication mechanism. 

"EASE enables organiza- 
tions to reduce both adminis- 
trative and development over- 
head as they make the move to 
Active Directory," said Bruce 
Backa, president of NTP Soft- 



ware. "The technology EASE 
delivers is the result of many 
years of development effort 
that leverages the high level of 
technology expertise in our or- 
ganization addressing the needs 



of our clients and the market." 
NTP Software plans to config- 
ure its own packaged applications 
to use the EASE environment. 
One already available is the com- 
pany's RAS (remote access ser- 



vice) Manager. Later this year, 
the company promises to release 
an EASE software development 
kit that allows access to the 
EASE APIs, integrates customer 
applications into the EASE user 
interface and takes advantage of 
the EASE infrastructure. 

The EASE development en- 
vironment, according to the 



company, supplies developers 
with common code for distrib- 
uted configurations, enterprise 
reporting, event management, 
SNMP reporting and e-mail in- 
tegration. The EASE API is 
based on Microsoft COM and 
DCOM, and supports C/C++, 
Java, Visual Basic, VBScript, 
JScript, Perl and FoxPro. I 
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Microsoft Revamps SNA Server 

New Host Integration Server adds 
application, data, network connectivity 



NEW FEATURES IN MICROSOFT'S HOST INTEGRATION SERVER 2000 



BY ALAN ZEICHICK 

There's more to Microsoft 
Corp. s update to its SNA Serv- 
er suite than just a new moniker. 
The newly named Host Integra- 
tion Server 2000, which entered 
its first beta in late February, 
promises to add application, 
data and network connectivity 
features beyond that available in 
SNA Server 4, Service Pack 3. 
According to Microsoft, a sec- 
ond beta is planned for mid- 
spring, with general availability 
this summer. 

"With Host Integration 
Server 2000, Microsoft is 
helping customers solve their 
challenging integration needs. 
This product provides a con- 
solidated offering that focuses 
on a wide range of integration 
technologies," said Chris Ol- 
son, group product manager 
at Microsoft. "In addition, it 
extends the Windows DNA 
2000 platform to embrace 
host systems and allows our 
customers to choose the tech- 
nology appropriate for their 
unique integration needs." 



According to Microsoft, 
Host Integration Server 2000 
will provide support and inte- 
gration tools for back-end 
and host systems through in- 
creased ease of configuration 
for DB2 access, COM+ support 
for integrated CICS/IMS trans- 
actions, plus support for Mi- 
crosoft Message Queuing Ser- 
vices 2.0 and IBM's MQSeries 
5.1 for messaging-oriented mid- 
dleware integration. 

"There's a lot of new tech- 
nology in Microsoft's Host In- 
tegration Server," said Hebert 
David, group marketing direc- 
tor of WRQ Inc.'s Reflection 
family of host-access software. 
"It says [Microsoft] wants to 
make the Windows server plat- 
form more interoperable. The 
SNA component is still valu- 
able, but the vision behind 
Host Integration Server — the 
vision that there's something 
greater than an SNA gateway — 
is excellent for Microsoft and 
the market. They're charting a 
larger vision of what a business 
network is," David added. I 



SQL Server interoperability enhancements 

• Snapshot, incremental and merge replication 
from Oracle to Microsoft SQL Server 

• Snapshot and incremental replication from 
DB2 for AS/400 to SQL Server 

• Bulk data download of native AS/400 files 
to SQL Server via Microsoft Data 
Transformation Services (DTS) 

DB2 access enhancements 

• Greatly improved performance 

• Microsoft Distributed Transaction Coordinator 
(DTC)-driven support for DB2 for OS/390 and 
AS/400 via LU6.2 

• Improved configuration for DB2 access 

Other data interoperability enhancements 

• Support for AS/400 data gueues via COM 
automation control 

• Fast transfer of native AS/400, AS/36 and 
VSAM files via COM automation control 

COM Transaction Integrator (COMTI) 
enhancements 

• C0M+ support 

• Dynamic routing to configured host region 
based on program selection 

• Access to IBM's IMS database access via 
TCP/IP through IBM's Open Transaction 
Manager Access (OTMA) protocol 

• Improved performance tuning, monitoring 



Microsoft Message Queuing Services (MSMQ) to 
IBM's MQSeries bridge enhancements 

• Support for MSMQ 2.0 and MQSeries 5.1 

• Encryption between MSMQ clients and the 
bridge 

• Configuration wizard for easy install 

Host security enhancements 

• One-way password synchronization with 
RACF,ACF/2 and Top Secret 

• Better reliability, supportability via host 
security database based on MSDE 

Systems Network Architecture (SNA) gateway 
enhancements 

• Multiple sessions for 3270 clients 

• Better Web deployment of 3270, 5250 clients 

• Improved scalability of host print server 

• Load balancing and hot backup for 
LU6.2 2PC applications 

Administrative enhancements 

• Scriptable SNA gateway and MSMQ-MQSeries 
bridge configure/management based on WMI 

• Remote, Microsoft Management Console 
(MMC)-based, multiserver administration 

• Scriptable, modular setup based on 
Microsoft Installer 

• Direct TCP/IP setup option for data access 
providers at desktop 

Source: Microsoft Corp. 



Host Integration Server builds on SNA Server 4, Service Pack 3, released September 1999. Document 
Q236364 in the Microsoft knowledge base lists all the bugs swatted with the latest service pack. The 
service pack also provided a new OLE/DB Provider and ODBC Driver for DB2, enhanced MSMQ-to-MQ 
Series bridge, and an updated SDK. 
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Hot for answers? 



Head full of burning questions about 
Linux™, Java™, and more? Don't get all hot 
and bothered— HotDispatch them. 
Answers are blazing fast, and 
registration's free. Simply post your 
questions at a price that's right for you. 




Then, watch the answers pour in! Get 
inside the heads of the world's hottest 
Linux and Java developers. Head for 
HotDispatch.com™, where hot Java and 

Linux questions meet their match. 
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HotDispcftcn.com 
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MICROSOFT PUTS INTERNET EXPLORER IN ITS POCKET 

New PDA browser part of larger strategy to make Web more readable 



BY EDWARD J. CORREIA 

How will your company's Web 
site look to a PDA browser? As 
handheld Internet devices con- 
tinue to grow in popularity, that 
is a question more and more de- 
velopers should be asking, and 
one that Microsoft Corp. hopes 
to help answer with its strategy 
surrounding the Internet Ex- 
plorer for the Pocket PC pre- 
viewed at CeBIT in February. 

"Our goal for the Pocket PC 
Internet experience was to en- 
able customers to access all the 
Web sites they want," said 
Rogers Weed, director of mar- 
keting for mobile devices at Mi- 
crosoft. To that end, the technol- 
ogy will offer client-side features 
to optimize the browsing experi- 
ence, according to a company 



report. For example, the option- 
al Shrink-to-Fit feature will re- 
size a Web site to enhance view- 
ing on a small screen. The Smart 
Address Bar will automatically 
fill in URLs, and Auto- state will 
divert browsing to cached pages 
when the device is not connect- 
ed. The product also will sup- 
port XML, said the report. "In- 
ternet access on the Pocket PC 
will provide customers with the 
key functionality they have come 
to expect browsing on a standard 
PC," said Weed. 

To develop applications and 
plug-ins for Pocket IE, devel- 
opers will need to purchase the 
Windows CE Toolkit with ei- 
ther eMbedded VC++ or eM- 
bedded VB, depending on lan- 
guage preference. The Pocket 



PC SDK will be included with 
the Windows CE Toolkit. Cur- 
rently, the SDK is in beta and is 
scheduled for release along 
with the Internet Explorer for 
Pocket PC sometime in June; 
pricing is not yet set. 

Microsoft described its Pock- 
et PC strategy as having three 
main criteria: offline browsing, 
specialized content and tradi- 
tional online browsing. Offline 
browsers will be able to store 
Internet and intranet pages on 
the PDA for access while dis- 
connected, a feature that pro- 
vides an extra measure of secu- 
rity for corporate data and 
which can be kept up to date 
through Active Sync data syn- 
chronization, which is inherent 
to the operating system. Spe- 



cialized content is provided 
through AvantGo.com, which 
offers a free Internet service 
with pointers to PDA-optimized 
Web sites. A subscription ser- 
vice permits a PDA to keep 
pages in sync with Web sites. 
Traditional Web browsing will 
include support for SSL, HTML 
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Shrink-to-Fit technology will improve 
viewing experience. 



3.2, JScript development soft- 
ware and ActiveX. 

In a related story, Insignia 
Solutions Inc. (www.insignia 
.com) has released the Jeode 
Embedded Virtual Machine 
(EVM), a Java Virtual Machine 
for Windows CE that enables 
Internet Explorer 4.0 to run 
Java applets. The new product 
was unveiled at the Embedded 
Systems Conference in Chica- 
go last month and is the first 
product of its kind, says the 
company. The Jeode EVM is 
implemented as a plug-in ac- 
cording to the Personaljava 
specification. The company 
also released the Jeode plat- 
form version 1.6, which per- 
mits Embeddedjava technolo- 
gy developers to create, tune 
and deploy Jeode EVMs to 
their targets. Licensing and 
royalty pricing is available by 
contacting the company. I 



Wind River Plots Future Direction 

IN 2001, WILL COMBINE ITS OWN VXWORKS WITH NEWLY ACQUIRED PSOS 



BY EDWARD J. CORREIA 

CHICAGO — Developers using 
Wind River Systems Inc. s pSOS 
real-time operating system won't 
be able to for long. Following its 
recent acquisition of Integrated 
Systems Inc., Wind River plans 
to integrate the products and 
services of the two companies, 
including the gradual phasing 
out of ISI's pSOS and pRISM+, 
its companion integrated devel- 
opment environment (IDE). 

According to the plan, out- 
lined at the Embedded Systems 
Conference last month, Wind 
River's own RTOS, VxWorks, 
will evolve through a series of 
interim releases, picking up 
new features along the way, 
some of which were present in 
pSOS. Wind River also de- 
scribed the formation of a mi- 
gration team dedicated to as- 
sisting ISI customers using 
pSOS in making the transition 
using a free migration kit. 

The plan was outlined by 
Curt Schacker, vice president of 
marketing — at — With 



River 

(www.windriver.com). Schack- 
er's migration presentation fol- 
lowed an explanation by com- 
pany CEO Tom St. Dennis of 
the new organizational struc- 
ture that is now in place, in- 
cluding Wind River Consumer, 
a new business unit. Other 
units include TDI, short for 
Transportation, Defense and 
Industrial; Wind River Ser- 
vices, which will include the Dr. 
Design consulting firm ac- 



quired with ISI; plus Platform 
Engineering and Networks. 

The first interim release, 
code- named Cirrus, is scheduled 
for release in mid-2000, and will 
include Rogue Wave's next-gen- 
eration Tornado integrated de- 
velopment environment on a 
number of operating systems, in- 
cluding Linux. With the Cirrus 
release, VxWorks will incorpo- 
rate new memory protection 
technology for application isola- 
tion, plus unspecified features 
for high availability. The compa- 
ny described the technology as a 
method of partitioning system 
memory into domains for the 
kernel and applications; and for 
shared libraries and data regions. 

Later in 2000, the second in- 
terim release, code-named Stra- 
tus, will include an upgrade of 
pSOS version 2.5 and pRISM+ 
version 2.5. According to the re- 
port, Status will be compatible 
with the latest releases of its 
Diab compiler and SDS debug- 
ging tool. 

At the conference, the com- 
pany also proclaimed a vision for 
its Tornado IDE, positioning it 
as an emerging industry stan- 
dard, capable of developing for 
targets of all kinds. The company 
will continue to offer and sup- 
port both its Diab and GNU 
compilers, with Diab as its pre- 
mium product. 

Scheduled for release in 2001 
is the converged RTOS, code- 
named Cumulus, which will be 
the convergence point for pSOS 



customers, and will include the 
pSOSystem API and other 
unique features of pSOS, the 
company reported. 

Wind River's Schacker ad- 
dressed the growing popularity 
of Linux as an embedded plat- 
form, conceding that Linux 
"has gotten some traction in 
specific application segments, 
notably in embedded standard 
PC hardware" for applications 
such as point of sale, industrial 
PCs and Internet appliances as 
a replacement for embedded 
DOS and Windows NT. And 
while these are not Wind Riv- 



er's traditional markets, he said, 
"they present new opportuni- 
ties for the company." 

Schacker characterized Linux 
as an unsuitable replacement for 
VxWorks or pSOS for the em- 
bedded market because of the 
"high fragmentation of the [em- 
bedded] platform," due to the 
specialized hardware architec- 
ture and application profiles of 
each specific device. "The open- 
source model is not ideal for this 
market," asserted Schacker, a 
comment that drew head-shak- 
ing from at least one skeptic in 
the audience. 



"[Wind River] acts like only 
they are qualified to handle di- 
versity of hardware required in 
embedded," said Bill Weinberg, 
director of marketing at Monta- 
vista Software Inc., which devel- 
ops and markets Hard Hat Linux 
for embedded systems. "Embed- 
ded Linux covers about 90 to 95 
percent of the hardware," need- 
ed to build systems, he said, re- 
ducing the amount of nonrecur- 
ring engineering being done. 
"[Wind River] makes you adhere 
to their APIs and use their [Vx- 
Works] RTOS, which is nothing 
special," he said. I 



MontaVista Gets S9M in Funding 

Focuses on building a better Linux RTOS 



BY EDWARD J. CORREIA 

CHICAGO — Seemingly over- 
night, there are flocks of ven- 
dors hawking embedded Lin- 
ux... and that means confusion. 
But thanks to $9 million of new 
venture capital from US Ven- 
ture Partners and Alloy Ventures 
to work with, MontaVista Soft- 
ware Inc. believes it can differ- 
entiate itself from the pack. 

Founded in 1999, Monta- 
Vista (www.mvista.com) is en- 
deavoring to standardize on a 
real-time characterization of 
embedded Linux. "We are one 
of only a few companies with 
the competence to do that," 
boasted Bill Weinberg, Monta- 
Vista's director of marketing. 

The company's flagship offer- 
ing is Hard Hat Linux, a distrib- 
ution of Linux for PowerPC and 
Intel x86 processors. According 
to the company, Hard Hat linux 



is a standard, off-the-shelf binary 
distribution tailored for embed- 
ded software applications. 

In order to promote Linux as 
a real-time operating system, 
MontaVista has created a linux 
Real-Time Characterization Pro- 
ject, which plans to distribute 
performance- measurement data 
and tools for describing the real- 
time responsiveness of off-the- 
shelf Linux systems. The perfor- 
mance benchmark tests will be 
performed by MontaVista's own 
engineering staff. 

"The first step to using Linux 
in a real-time embedded appli- 
cation is to know if the Linux 
kernel running on your hardware 
can meet your hard response 
deadlines," said Kevin Morgan, 
MontaVista's vice president of 
engineering. "Standard Linux 
performs very well, even under 
load, for a range of real-time 



tasks. The work that MontaVista 
is performing will gauge and ex- 
tend that performance in context 
for developers, and bring stan- 
dard Linux into new application 
domains, including real-time 
process control, signal process- 
ing and many aerospace and de- 
fense applications," he said. 

MontaVista also plans to en- 
hance the standard Linux ker- 
nel for improved determinism 
and thread scheduling capabili- 
ty; the company claims that it 
will guarantee sub millisecond 
response times. MontaVista 
pledges that kernel enhance- 
ments and new components it 
develops will be contributed to 
the Linux community. 

MontaVista's revenue will 
come from subscription plans for 
Linux support, and porting and 
customization services; plus a tool 
suite and optimizing compilers 
for C and C++, debuggers and 
performance-monitoring tools. I 

Alan Zeichick contributed to 
this story. 
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ware design teams to automate 
captured software and system 
designs and integrate them into 
a complete process without dis- 
turbing an existing develop- 
ment environment. Reported 
enhancements to the new ver- 
sion include a twofold 
performance improve- 
ment, import capabili- 
ties for some Rational 
Rose model elements, 
and an enhanced Java 
code generator. 



DirectX 6.1 API, Windows Me- 
dia Technologies 4.0 and Win- 
dows Media Player 6.4. The 
tool kit will add on to Windows 
CE Platform Builder 2.12, the 
environment for configuring 
Windows CE for its targets. 
Developers now will have ac- 
cess to the DirectDraw API, 
which offers access to display 
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WINDOWS CE 

For Microsoft Corp.'s 
small form-factor em- 
bedded platform, In- 
signia Solutions Inc. 
(www.insignia.com) in- 
troduced the Jeode 
platform version 1.6, 
a product that it claims 
is the first JVM inte- 
grated with Internet 
Explorer 4.0 for Win- 
dows CE. The Jeode 
Embedded Virtual 
Machine works as an 
IE4 plug-in and per- 
mits the new browser 
to execute Personaljava ap- 
plets, said the company. Along 
with the Jeode platform, In- 
signia provides a set of opti- 
mization and performance 
measurement tools that enable 
developers to tune the JVM to 
best suit specific targets. 

Fonix Corp., a developer of 
speaker-independent, noise-tol- 
erant speech recognition sys- 
tems, has announced FAAST 
Embedded, the Fonix Applica- 
tion Accelerator Speech Toolkit, 
a tool for the rapid development 
of speech recognition and text- 
to-speech applications running 
on the Windows CE platform. 
Fonix (www.fonix.com) was 
demonstrating a prerelease ver- 
sion at the show and is sched- 
uled to begin shipping the prod- 
uct this quarter. The company's 
core technology, which is cur- 
rently being deployed in embed- 
ded applications and products, 
has small footprint and low pow- 
er requirements, and has been 
ported to seven different micro- 
processors, the company said. 

In mid-April, Microsoft will 
ship DirectX Platform Adapta- 
tion Kit (DXPAK) version 1.1, 
which brings DirectX to the 
Windows CE platform, open- 
ing devices running Windows 
CE to audio and video stream- 
ing content. 

DXPAK 1.1 is based on the 
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hardware while maintaining 
compatibility with the Win- 
dows GDI; DirectSound and 
WaveOut Win32 APIs; the Di- 
rectShow API, which enables 
network and local MPEG, AVI, 
WAV, and MIDI playback; and 
Windows Media Technologies, 
which includes Microsoft's Ad- 
vanced Streaming Format. 
Compatible targets include In- 
tel x86, MIPS R4300 and com- 
patible, and Hitachi SH-4. 

iGS Technologies Inc. 
(www.igst.com) said Microsoft 
will support its CyberPro 5000 
broadband streaming media 
chip with the DirectX Platform 
Adaptation Kit. The develop- 
ment platform will include sam- 
ple drivers to permit applica- 
tions to run on CE-based set-top 
boxes based on the company's 
chip. According to the company, 
the CyberPro 5000 is a high-end 
processor that combines a hard- 
ware graphics accelerator with a 
programmable NTSC/PAL TC 
encoder, which provides inte- 
grated scaling, de -interlacing 
and time-based correction, plus 
an audio processor. 

BSquare Corp. (www.bsquare 
.com) unveiled its CE Go pro- 
gram for developers of intelli- 
gent computing devices based 
on Windows CE. The program 
bundles B Square's products 
and services with the Microsoft 



CE licensing and Platform 
Builder, giving developers a 
faster path to market, the com- 
pany said. The package is avail- 
able now for $3,450. 

LINUX 

Computer I/O Corp. (www 
.computerio.com) released what 
it calls the industry's first real- 
time data streaming 
server based on Lin- 
ux. The Easy I/O 
Server incorporates 
middleware technolo- 
gy developed by the 
company and can be 
configured through a 
browser. The Easy 
I/O middleware tech- 
nology also is avail- 
able to developers us- 
ing Windows NT with 
a browser-based hard- 
ware configuration in- 
terface, and features a 
C-callable API and 
the company's patent- 
ed Virtual File System 
for accessing real- 
time data streams, the 
company said. Com- 
puter I/O also report- 
ed an alliance with 
MontaVista Software 
Inc. (www.mvista.com) to use its 
Hard Hat Linux as an embed- 
ded platform for its Easy I/O 
product line. 

Enterprise solutions provider 
I-Logix Inc. is a new partner with 
MontaVista Software, and will 
use Hard Hat Linux for embed- 
ded applications developed using 
I-Logix's Rhapsody application 
development environment, the 
company said. I-Logix also re- 
ported that it will work with 
MontaVista's sales, marketing and 
development teams to integrate 
the two companies' products, 
which will be cross-bundled. 



The LynxOS and BlueCat 
linux operating systems of Lynx 
Real-Time Systems Inc. (www 
.lynx.com) will run Packet- 
Stream Inc.'s (www.packetstream 
.com) Synchronous Packet 
Streaming (SPS) solution, 
which is currently in beta. The 
SPS solution provides classifica- 
tion, policing and dynamic 
bandwidth management of 
voice, video, data and multi- 
media traffic over IP networks. 

QNX Software Systems Ltd. 
and Real Networks Inc. will al- 
low OEMs to add RealPlayer 7 
to QNX embedded systems. 
According to a company report, 
QNX (www.qnx.com) also has 
integrated RealPlayer in its 
QNX Nutrino RTOS multime- 
dia suite, which will permit em- 
bedded devices to support 
DVD, MPEG 1 and 2, MP3, 
CD Audio and 3D gaming. 
QNX also unveiled its vision of 
a digital future in which de- 
vices are no longer "fixed- func- 
tion" boxes, but dynamic, ex- 
tensible devices, capable of be- 
ing enhanced with new 
protocols, applications and dri- 
vers. QNX released a report 
outlining a three -part strategy 
for providing a technology 
framework to achieve that end, 
including use of a standard API, 
compatibility with Linux, and a 
unique operating system that 
will permit third parties to add 
functionality. 

HARDWARE 

Embedded Planet (www 
.embeddedplanet.com) is now 
shipping its Blue Planet, a new 
development environment based 
on the Motorola PowerPC 
PMC8xx family of microproces- 
sors and certified for Windows 
CE. The Blue Planet develop- 
ment environment includes an 




The QNX Photon micro-GUI windowing system gives developers a point- 
and-click environment to create scalable apps. 



embedded PC-104 form factor 
board with a PowerPC 823e 
processor, 640x480 color touch- 
sensitive LCD, infrared key- 
board and trackball, a Windows 
CE image with desktop, Pocket 
Internet Explorer, Pocket Inbox, 
Pocket Word and standard Plat- 
form Builder demo applications. 
Also included are 16MB flash 
memory, 16MB SDRAM, a 
10Mbps Ethernet controller, an 
RS232 channel, a separate de- 
bug channel, a PCMCIA chan- 
nel and 16-bit sound support. 

Mercury Computer Systems 
Inc. is working with Motorola 
to develop RapidIO, a new 
switched- fabric interconnect 
architecture that will permit 
embedded chip-to-chip and 
board-to-board communication 
speeds starting at lGbps and 
scaling to hundreds of times 
that, the company reported. 
Mercury Computer Systems 
(www.mc.com) supplies scal- 
able digital signal processing 
systems for embedded comput- 
ing and has been developing 
switched fabrics since 1994. 
With networking players Cicso, 
Lucent, Nortel and others al- 
ready on board, the company is 
seeking additional support to 
form the RapidIO Trade Asso- 
ciation (www.rapidio.org) in the 
hopes that its new interconnect 
technology will be adopted as 
an open standard. 

Microchip Technology Inc. 
introduced the Embedded Pro- 
totype Pack, a product design 
kit that includes a variety of 
product samples and documen- 
tation to aid in the creation of 
flash-based microcontroller de- 
signs. For $29, developers re- 
ceive five flash microcontrollers 
of various memory and package 
sizes, two different operational 
amplifiers and two different 
precision system supervisors. 
The kit can be purchased from 
the company's Web site at 
www.microchip.com. The com- 
pany also announced two one- 
time programmable MCU de- 
vices with support for USB 1.1 
that will work with its PICmicro 
8-bit microcontrollers. Samples 
are scheduled for May and 
general availability for August. 
Quantity- 1,000 prices will be 
$2.84 each for the PIC16C745 
and $3.69 each for the 
PIC16C765. 

Zilog Inc. (www.zilog.com) 
introduced the eZ80 Internet 
Engine, an 8-bit microproces- 
sor that the company claims is 
four times faster than the origi- 
nal Z80 when running at the 
► continued on page 15 
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same clock speed, and that rivals the 
performance of some of today's 16-bit 
chips. Primarily targeted at Internet ap- 
pliances and household LANs, the prod- 
uct also is well suited for the modem 
controller market as well as PDAs and 
commercial WAN applications, the com- 
pany reported. The eZ80 can address as 
much as 16MB RAM, and Zilog's licens- 
ing program permits architectural modi- 
fications to the chip. I 




Computer l/O's Browser-configurable Easy I/O 
Streaming Server is based on Linux. 



Lineo Partners With emWare, Insignia 

Will integrate lightweight networking with Embedix 

terconnected home-based appliances 



BY EDWARD J. CORREIA 

Embedded Linux supplier Lineo Inc., 
has partnered with embedded tools 
manufacturer emWare Inc. and will 
help further emWare's efforts to bring 
the Internet to every device. 

Lineo sells and markets Embedix 
Linux, a component-based version of 
Linux for embedded devices that 
the company plans to integrate 
with emWare's (www.emware.com) em- 
Microgateway, a software interface for 
connecting lightweight networks to 
WAN -based ones. "Lineo's technology 
is a natural fit for set-top boxes and 
home gateway servers," said Michael D. 
Nelson, CEO of emWare, based in Salt 
Lake City. "Lineo and emWare provide 
highly complementary products," said 
Brian Sparks, CEO of Lineo. "The com- 
bination of Lineo embedded system 
software with emWare's device network 
technologies creates a stable base for 
small network- attached devices." 

The emMicrogateway provides a 
memory-efficient means for giving in- 



access to the Internet, and is part of a 
larger tool set known as EMIT. Short 
for Embedded Micro Internet Technol- 
ogy, EMIT is a device networking sys- 
tem and SDK that Internet device de- 
velopers can use to create connectivity 
solutions between devices based on 8- 
and 16-bit microcontrollers over light- 
weight networking schemes such as RS- 
485, RF, IR and Powerline. 

Lineo also has entered into an 
agreement to bundle the Jeode devel- 
opment platform from Insignia Solu- 
tions along with its Embedix SDK. Ac- 
cording to Insignia, Jeode is an acceler- 
ated implementation of Personaljava 
and Embeddedjava following Sun Mi- 
crosystems' specifications for the plat- 
form. The product was being demon- 
strated side-by-side with an unacceler- 
ated implementation at the Embedded 
Systems Conference in Chicago in 
March. The results dramatically 
demonstrated improved performance 
of the accelerated platform. I 



'Embedded Linux Consortium' 
Meets to Promote Use of OS 



CHICAGO — The Embedded Linux 
Consortium Formation Committee held 
its first meeting at the Embedded Sys- 
tems Conference here with the goal of 
moving swiftly toward getting the group 
established. The ELC will be "a proac- 
tive consortium to promote the use of 
Linux in embedded applications... and 
expects to [be] viable very soon," said 
temporary executive director Murry 
Shohat. Rick Lehrbaum will be the act- 
ing chairman. Lehrbaum is a journalist 
and former executive vice president of 
strategic development at Ampro Com- 
puters Inc., a manufacturer of embed- 
ded computer modules, software and ac- 
cessories, and founder of the Web portal 
LinuxDevices.com. 

According to documents released pri- 
or to the meeting, the organization's mis- 
sion will be twofold. First, the group 
wants to "create a market perception 
that instead of there being two main op - 
tions for embedded operating systems 
(Microsoft and non-Microsoft), there 



will be three: Microsoft, Linux and 'oth- 
er.' " The second part of its mission will 
be to make Linux the first choice for de- 
signing embedded systems. 

The documents also proposed a num- 
ber of guidelines for admission to the 
noncommercial consortium, including 
dues and an estimated budget and mem- 
bership. Shohat indicated that a surpris- 
ingly large group met and committed re- 
sources to the project. 

Of the 75 attendees at the meeting, a 
total of 16 organizations agreed to im- 
mediately join the Formation Commit- 
tee and pledge the $5,000 start-up fee, 
including: Accelent, Cendio, Centura, 
Coollogic, Infomatec, Lineo, Linux- 
Devices. com, Lynx, MontaVista, Mo- 
torola, NewMonics, QNX, Red Hat, 
TimeSys, Transvirtual and TrollTech. 
There may be as many as four addition- 
al companies admitted to the committee 
that were present at the meeting. The 
deadline for charter membership in the 
ELC, once formed, is April 1. I 
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EDITORIALS 

Shoplifters in Your E-Store 

In the March 15 issue, we first reported about security 
breaches in Web-based e-commerce ("Shopping Cart 
Security Holes Leak Real Dollars," page 12). In February 
and March, the mainstream press reported on hacker at- 
tacks against many well-known dot-com storefronts. 

Those attacks and security breaches weren't the first, 
and they won't be the last. Who's to blame? Hackers and 
electronic shoplifters, yes. But our own impatience plays 
into their sticky fingers. Impatience to launch our com- 
merce site. Impatience to get the drop on the competi- 
tion — or just to begin catching up. Impatience to begin 
trading with a new set of partners using a vertical portal. 

The truth is, any nontrivial Web-enabled application is 
complex. What happens when you have multiple Web servers 
communicating with several application servers talking to a 
large number of interlinked databases? When the three-tied 
architecture becomes a mesh, the number of combinations 
makes the creation of security policies complex, and the test- 
ing of those policies even more so. 

Then add a new wrinkle: Some of those Web, applica- 
tion or database servers don't belong to you. They belong 
to your partners or to your suppliers. Now, how are you 
going to guarantee to your CEO that yes, the transactions 
are secure? Especially when so much data is transmitted 
in plain English, such as within many HTML or XML 
messages, without integrity checks. Or even a clear idea 
as to which application^ ) are responsible for validating 
and authenticating the XML messages. 

That's not to say that you should give up. On the con- 
trary. It's nearly impossible to retrofit effective security on 
a nontrivial n-tiered project. The only way to make sure 
you're not giving away the store to some sticky-fingered 
hacker is to be less impatient. Design the security policies 
early, and test them at every stage of the plan. Should you 
be paranoid? Yes. Of course. 

It's better than being impatient. 

Piracy. Who Cares? 

For years and years now, we've all been seeing the oc- 
casional news report about software piracy. Big disc- 
duplicating ring busted in Hong Kong. Medium-sized 
business pays fines. Millions of dollars are lost, the reports 
always say, along with good old American jobs. 

Some ISVs don't mind — they look at pirated software 
as a marketing tool. Sure, use the software for free... for 
now. But if you want support, you'll have to register and 
pay. (That brings up the whole issue of software develop- 
ers now being incented to create products which require 
support. But that's another story.) 

Other vendors take a less sanguine view of piracy, par- 
ticularly when the software is expensive, runs on a desk- 
top PC rather than a server, and it has only a limited mar- 
ket to begin with. 

According to our page 1 story, the latest reports say that 
U.S. piracy cost the economy 109,000 jobs in 1998. 
Frankly, it's hard to believe that figure. Many of the pirat- 
ed copies would never have been purchased in the first 
place, and software companies often figure piracy into 
their sales projections. 

But that doesn't make it right. And that's one reason 
why we'll keep running these stories. I 
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COMPETITIVE ADVANTAGE IN THE NEW ECONOMY 



The Internet not only has al- 
tered the way we shop and 
learn, it has dramatically influ- 
enced how we conduct and de- 
ploy a successful business. 
Businesses of all sizes — from a 
small retail venture to a world- 
wide financial enter- 
prise — face new IT pres- 
sures as they race to in- 
corporate sophisticated 
Internet-enabled trans- 
action-oriented applica- 
tions that are designed, 
developed and imple- 
mented in warp speed. 

New tools are needed to al- 
low IT departments to build 
and deploy applications that run 
on all available platforms — from 
Unix, Linux and Windows NT 
servers to legacy mainframe sys- 
tems, which still run 70 percent 
of today's mission-critical appli- 
cations. The stakes are high. Re- 
cent high-profile e-commerce 
"crashes" — the nightmare of 
any e-business venture — have 
been ultimately attributed to 
software application problems. 

Problems do not stop 
there — text and graphics in a 
Web site are changing even 
more frequently and also need 
to proceed through an ordered 
approval process. The chal- 
lenge faced by enterprises com- 
peting in the digital economy is 
to manage the volume of 
change and enormous complex- 
ity, while moving faster, smarter 
and more cost effectively. 

Centralized control over 
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changes to complex enterprise 
systems is mandatory to ensure 
uptime and availability, manage 
costs, and speed time-to-market 
with new initiatives. Automated, 
end- to- end Software Change 
Management (SCM) offers sig- 
nificant and measurable 
value, yet is too often 
overlooked in the rush to 
keep pace with dynamic 
business models that 
continue to test the capa- 
bilities of even the best- 
designed IT systems. 
A recent Yankee 
Group Report, "Empowering E- 
Business Development Through 
Effective Software Change 
Management," outlined the 
many benefits that a compre- 
hensive SCM solution brings to 
the e-commerce IT environ- 
ment. The report presented the 
results of a series of customer 
surveys geared to determine the 
impact of SCM products in key 
areas of application program- 
ming support, directly related to 
developing and maintaining typ- 
ical e-business applications. For 
SCM users, the improvements 
were dramatic: increased up- 
time and reliability, 28 percent; 
reduced time-to- market for new 
applications, 23 percent; re- 
duced programming hard costs, 
19 percent; and reduced devel- 
opment time, 16 percent. 

These dramatic benefits are 
delivered by automating manual, 
error-prone activities; tracking 
component and content changes 



and their interrelationships to 
ensure application integrity; en- 
forcing consistent processes for 
change with the necessary flexi- 
bility to address varied business 
needs; and enabling large teams 
of contributors and developers to 
work in parallel without compro- 
mising speed or quality. 

The Yankee Report (www. 
serena.com/pdf/CMN-Yankee 
Group.pdf) clearly identified the 
benefit of implementing a single 
point of control for managing 
change across all major plat- 
forms from the mainframe to the 
Web, while coordinating soft- 
ware and content changes. This 
is important in business today, 
because as large enterprises con- 
tinue to "Webify" their mission- 
critical legacy applications, they 
will have to do so across a multi- 
tier architecture with compo- 
nents running on the mainframe, 
with Unix, Linux and Windows 
NT servers and Web clients. 

To capitalize on new opportu- 
nities in the Internet economy, 
change is necessary for business 
success — chaos is not. Solutions 
that offer control of not only the 
demanding application develop- 
ment process, but also real-time 
Web development, provide a 
company with a measurable 
competitive edge, as they in- 
crease quality and reliability and 
improve time-to-market. I 

Richard Doerr is president and 
CEO of Serena Software Inc. 
Reach him at rdoerr@serena.com. 



FROM THE EXECUTIVE EDITOR 

A CASE OF HYPE-NOSIS 



And now a word from BZ 
Media, the worldwide pro- 
vider of SD Timesf the premier, 
best-of-breed, industry-leading, 
soon-to-be-award-winning news- 
paper of record for the software 
development industry. 

I mention those things, 
tongue-in-cheek, to differenti- 
ate our newspaper from those 
other periodicals that are dot- 
ting the dot-com landscape. 
But I know that once readers 
become familiar with our paper 
and get into the habit of reading 
us twice each month, they will 
see why we are different, with- 
out our having to make boister- 
ous claims. 

I also know that with high- 
tech companies springing up 
about as quickly as a cake freak 



at a Viennese table, they feel 
compelled to do something, ut- 
ter some pithy slogan, in their 
announcements to set 
themselves apart in a very 
crowded field of players. 

We have seen in re- 
cent months a spate of 
product announcements, 
partnership deals and 
venture fundings that 
you would think, by 
their tone, are heralding in the 
next great era of technological 
wonder. Neil Armstrong's walk 
on the moon didn't get the vol- 
ume of hype that precedes a 
version 6 rollout. 

Here are just a few of the 
many releases that have come 
through our offices in the past 
few weeks: 
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"Recognition Systems ... a 
worldwide leader in the devel- 
opment of customer experience 
management..." 

First of all, I didn't recognize 
the company. And, what is the 
development of customer expe- 
rience management? 

"Sage Software, the 
leading provider of PC- 
based accounting solu- 
tions in the U.S...." 

Do their accoun- 
tants have any way of 
validating that boast? 
What about server- 
based accounting solutions... 
will some other company stake a 
claim to that title? 
This one's a beauty: 
"Push, the industry's first Total 
Service Provider (TSP) and the 
California Central Coast's only 
Platinum Citrix Integrator. . ." 
I guess other companies al- 
► continued on page 17 
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THE BIG-PICTURE VIEW OF ECOMMERCE 



E -commerce means shop- 
ping carts. E-commerce 
means extranets linking trading 
partners. E-commerce means 
procurement over the Internet. 
E-commerce means open-stan- 
dards-based EDI. E-com- 
merce means the disintermedi- 
ation of traditional distribution 
channels, but then reinterme- 
diation with new distributors 
and resellers. E-commerce 
means improved interaction 
between original manufacturer 
and final customer. 

E-commerce means any- 
thing and everything — and 
makes it difficult for software 
development managers strug- 
gling with carrying out a CEO 
directive, "Find an e-commerce 
solution." Before you can do 
that, it's helpful to understand 
the full spectrum of what e- 
commerce means, and what it 
can mean for your business. 

In "Exploring E-com- 
merce, Global E-business, and 
E-societies," Craig Fellenstein 
and Ron Wood take the big 
picture view of the world of 
electronic commerce. 

In a dry and humorless pre- 
sentation style more suitable for 
a PriceWaterhouseCoopers or 
McKinsey executive report 
than a trade paperback, the au- 
thors embark on a higher-level 
voyage, first defining the differ- 
ent types of e-commerce, dis- 
cussing how e-commerce can 
help improve a business's bot- 
tom line, and finally how e- 
commerce can (or will) restruc- 



ture businesses, society and 
even government. Mixed in 
with their charts and graphs are 
solid suggestions, of the sort 
that only senior consultants 
could make with authority. 

But then, Fellenstein and 
Wood are senior consultants, of a 
sort. Fellenstein is global 
chief deployment ar- 
chitect at IBM's 
Global Services divi- 
sion. Wood is an IBM 
executive consultant in- 
volved in the company's 
own e-commerce strategies. 

Despite the fact that both 
authors work for Big Blue, their 
book is nicely evenhanded. 

The first quarter of the 
book explores the question 
"What is e-commerce?" The 
chapters wander disjointedly, 
discussing definitions of both 
e-commerce and e-business 
proposed by different organi- 
zations. It's interesting to see 
the various and sometimes 
conflicting definitions — and 
it's helpful to realize that there 
is such disparity. 

Anyone searching for hard 
data might be tempted to jump 
over these first few chapters. 
Don't skip pages 30 to 34: "E- 
business Design Quality As- 
pects." Here, the authors de- 
fine 10 "best practices" for de- 
signing a quality e-commerce 
system, which they refer to re- 
peatedly throughout the rest of 
the book. Without knowing that 
"design quality" means correct- 
ness, efficiency, flexibility, in- 
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tegrity, interoperability, main- 
tainability, portability, reliabili- 
ty, reusability and testability, 
the constant references to that 
concept become meaningless. 

A small, 30-page section on 
distribution channels makes up 
the second portion of "Explor- 
ing E-commerce." Don't skip 
it. It's focused on how e-com- 
merce activities will affect 
banking, the channel 
and the role of new 
content aggregators. 
Since nearly every 
business uses a bank, or 
is a bank itself, the au- 
thor's observations on 
how the financial infrastruc- 
ture is changing and how new 
players are emerging to per- 
form activities formerly re- 
served for banks, are vitally im- 
portant for planning an e-com- 
merce system. 

Nearly half the 
book is consumed 
by the third sec- 
tion, which focuses 
on how to re-engi- 
neer a business 
to exploit e-com- 
merce — or at least, 
to survive it. 

An exploration 
of how e-commerce 
can affect spare-parts manufac- 
turers, in conjunction with a 
mini-case study of Boeing Co.'s 
spares business, defends the as- 
sertion that this business sector 
not only will make a rapid move 
toward e-commerce, but in the 
process it will eliminate its re- 
sellers. The authors' arguments, 
of course, may lend themselves 
to portions of other businesses. 





But if you're going to disin- 
termediate your channel part- 
ners and deal with your cus- 
tomers directly, the authors 
caution, be sure to learn how to 
deal with end customers. Many 
Web sites are hard to use, and 
without metrics it's difficult to 
know where the problems lie. 
Remember that on the Web, as 
the book repeats often, your 
competitors are only a click 
away. The book stresses good 
design principles, and includes 
a list of 20 tests for evaluating 
site usability. Good stuff. 

Finally, "Exploring E-com- 
merce" takes on what the au- 
thors term "unique manage- 
ment and organizational chal- 
lenges" using the insurance 
and travel vertical markets as 
examples. Even if you're not 
in one of those markets, there 
may be common 
factors that apply 
to your business. 

Overall, "Ex- 
ploring E-com- 
merce" offers an 
unusual viewpoint, 
of how IBM (by 
implication) views 
the world of e- 
commerce. Con- 
sidering that IBM 
has been one of the most suc- 
cessful vendors in this area, it's 
worth a few dollars to spend 
some virtual time with two of 
its experts. I 

"Exploring E-commerce, Global 
E-business, and E-societies." 
Craig Fellenstein and Ron 
Wood. Prentice Hall, 2000. 
Trade paper, 269 pages, $39.95. 
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<< continued from page 16 

ready had marked out "leading 
application service provider," 
or "best Internet service 
provider," so Push had to go 
out and invent a title all its 
own: "total service provider." 
And then, they give you the 
acronym to try to make you 
think it's a commonly used 
term. And I'm left to wonder, 
who is the California Northern 
Coast's Platinum Citrix Inte- 
grator, or the one from the 
state's Southern Coast? 

And then there is this one 
from a recent press release: "Ra- 
tional Software, the e-develop- 
ment company, announces the 
availability of two new books 
authored by Rational thought 
leaders." 

Thought leaders? Weren't 
they the guys from Fahrenheit 
451 who decided what people 
could and could not read, or lis- 



ten to? That one just flat-out 
scares me. 

Every company, it seems, 
touts products that are "best- 
of-breed." What is this, the 
Westminster Dog Show? And 
the ones that really get me 
are the announcements from 
start-ups. I wonder, how can a 
company that's 14 months old, 
doesn't have a product out yet, 
and isn't likely to turn a profit 
in the next five years (if ever) 
call itself an industry leader in 
anything? It's like Lake Wobe- 
gon, where every child is 
above average. 

All this noise. After a while, 
you become deaf to it. A per- 
son who lives next to a fire- 
house, after a time, stops hear- 
ing the sirens; yet, every visitor 
to that home wonders how 
anyone could stand living next 
to a firehouse. 

So, with the full understand- 



ing I could be labeled a heretic 
for this, let me put forward a 
supposition to all you vendors 
in the audience: How about po- 
sitioning your company and its 
products with a little honesty 
and openness? 

For an industry that looks to 
openness of source code as a 
panacea, it sure is difficult to 
reach many of these company 
executives, who take a willing 
back seat to the PR and market- 
ing machinery. How is it that 
someone can conceive of a 
world in which all people are 
linked electronically for infor- 
mation and transactions, but 
cannot answer a question with- 
out a public relations person lis- 
tening in on an extension, run- 
ning interference, making sure 
the response places the compa- 
ny in the best possible light. 

Don't misunderstand. Public 
relations professionals are im- 



portant. But like the boy who 
cried wolf, they must learn 
when enough is too much. 

Let your company and its 
products stand on their merits. 
If they are good, your cus- 
tomers will see that. If they are 
not, all the unsubstantiated 
claims and overinflated hyper- 
bole in the world is not going to 
blind anyone to that fact. I 

WHAT DO YOU THINK? 

SD Times welcomes feed- 
back from our readers. Let- 
ters must include the writer's 
name, company affiliation 
and contact information. 
Letters may be edited for 
space and style and become 
the property of BZ Media. 

Send your thoughts to 
letters@bzmedia.com, or fax 
to 516-922-1822. Please 
mark all correspondence as 
Letters to the Editor. 
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New BEA Products, Alliances 

BUSY MIDDLEWARE VENDOR ALSO HAS RECORD REVENUE. INCOME 



BY ALAN ZEICHICK 

Some bees sure are busy: At its 
annual users conference in San 
Francisco, middleware vendor 
BEA Systems Inc. demonstrat- 
ed several new and upgraded 
products, unveiled business al- 
liances and disclosed record 
quarterly financial results. 

Upgrades to BE As Web- 
Logic Commerce Server and 
Tuxedo transaction processing 
engine were the centerpiece of 
the company's presentation. 

BEA (www.bea.com) claims 
that its upgraded WebLogic 
Commerce Server 2.0 is the 
first commerce server to use 
Sun Microsystems Inc.'s Enter- 
prise JavaBeans (EJB) architec- 
ture, and is completely compli- 
ant with Sun's Java 2 Enterprise 
Edition (J2EE). Features of the 
WebLogic Commerce Server 
include online catalog, shop- 
ping cart, inventory manage- 
ment, order entry, order man- 
agement, customer service, 
shipping and rules-driven prod- 
uct recommendation. 

The new software is expect- 
ed to be available this month 
for Windows NT and Solaris. 
It's priced at $40,000 per CPU, 
and includes BE As WebLogic 
Server application server. 

RULES RULE 

WebLogic Commerce Server's 
rules-driven product-recom- 
mendation feature uses tech- 
nology from I LOG Inc. (www 
.ilog.com), long a player in the 
artificial-intelligence and ex- 
pert-systems market. BEA has 
licensed ILOG's JRules Java- 
based engine and will incorpo- 
rate it into the commerce serv- 
er. JRules can be integrated 
with a Java client in the form 
of an applet, or with a server as 
a servlet, EJB component, 
CORBA component or COM+ 
component. 

"WebLogic Commerce Serv- 
er provides the market with the 
most adaptable, standards-based 
implementation of commerce 
functions," said Ivan Koon, pres- 
ident of BEA's e-commerce ap- 
plication components division. 
"We differentiate ourselves by 
enabling our customers to cre- 
ate sustainable competitive ad- 
vantage through the customer- 
driven business-to-business val- 
ue chain. ILOG's compact, 
high-performance rules engine 
enables us to deliver the cus- 



tomer retention component for 
more effective up-sell and cross- 
sell opportunities." 

DRESSING UP TUXEDO 

At the conference, BEA an- 
nounced the version 7.1 upgrade 
to its Tuxedo transaction-pro- 
cessing middleware engine, with 
key enhancements claimed in 
the areas of security software in- 
tegration, improved message- 
queuing performance, threads- 
based programming support and 
support for XML. Tuxedo 7.1 is 
scheduled to be available in the 
second quarter. 

Tuxedo 7. Is new Security 
Framework, says the company, 
allows developers to integrate 
Tuxedo applications with third- 
party security products, as an al- 
ternative to using BEA's own se- 
curity tools. Tuxedo also now in- 
cludes support for Public Key 
Infrastructure (PKI) encryption. 

The benefit, claims BEA, is 
that Tuxedo-based applications 
can more efficiently perform 
multiple transaction sequences 
in parallel, such as checking a 
consumer's credit and updating 
the supplier's inventory database. 

Also, as part of BEA's move to 
Web-enable business-to-busi- 



ness transactions, Tuxedo now 
recognizes XML data types with- 
in a Tuxedo message buffer, and 
can route the message based on 
the content of the XML data. 

GOOD FOR BUSINESS 

Two big companies are working 
more closely, as BEA and NCR 
Corp. unveiled a multimillion 
dollar licensing and joint market- 
ing agreement to help the com- 
panies jointly market both BEA's 
transactions servers and NCR's 
Teradata data warehouse. 

Under terms of the agree- 
ment, both companies will joint- 
ly market a BEA elink adapter 
for Teradata, which allows appli- 
cations running on the Web- 
Logic application server to ac- 
cess the data warehouse. NCR 
will resell the BEA's WebLogic 
Server, and BEA will resell Tera- 
data for Windows NT. 

"As e-businesses evolve be- 
yond simply using technology 
for collecting transactions and 
delivering information, they re- 
quire technologies that enhance 
relationships," said Marty Seyer, 
vice president of NCR's E-Busi- 
ness Group. 

Perhaps BEA will need a 
data warehouse for its order 
book: The company announced 
a record fourth quarter. For the 
quarter ending Jan. 31, BEA re- 
ported revenue of $149.2 mil- 
► continued on page 19 



Dartmouth Force-Feeds Java To 
Students Thirsting for Knowledge 

All-nighters now require both caffeine and 
caffeinated programming language 



BY DAVID RUBINSTEIN 

This is the stuff that college 
bookstores live for. 

Dartmouth College, that 
bastion of the Ivy League, has 
decided to scratch C++ from 
several mandatory computer 
science and engineering class- 
es, replacing it with Java. 

The switch, according to the 
college, will allow course work 
to be done on PCs, which was 
not allowed in the past, and will 
make the courses more accessi- 
ble to the increasing number of 
PC users on the campus. The 
courses are taken by roughly 
280 students every year. 

C++ had been taught at the 
Hanover, N.H. -based school 
since 1994, but the move to Java 
was made, according to associate 
professor of computer science 
Tom Cormen, because it's easier 
to learn and "is quickly becom- 



ing the programming language 
of the Internet." Dartmouth, of 
course, has a history of innova- 
tion in programming lan- 
guages — it was at that school, in 
1964, that John Kemeny and 
Tom Kurtz developed the BA- 
SIC programming language for 
their computer programming 
courses. Later, Dartmouth made 
the move from BASIC to Pascal. 

Computer-science majors 
still must learn C + + , which 
is used in most upper-level 
courses and is the standard in 
the programming industry, Cor- 
men said. In the Java classes, 
students will learn to use objects 
right away, a topic that was de- 
layed in C++ classes, he added. 

The move from C++ to Java 
reflects a recent trend at other 
colleges reflecting an improve- 
ment in programming software 
and... textbooks. I 
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^continued from page 7 iRenaissance has added XML API func- 
tionality to iRenaissance Events, its event management package 
formerly known as Calendar Central. It claims the addition of an 
XML API will enhance users' ability to interface with legacy sys- 
tems anywhere within an organization without the need to recode 
legacy apps . . . Fujitsu Software announced AIX compatibility 
for its i-Flow embeddable workflow engine, available to ISVs, sys- 
tems integrators and OEMs . . . MuSE Technologies Inc. has up- 
graded its MuSE Software Development Environment to version 
2000, which is focused on helping developers understand com- 
plex data using perceptual computing . . . Imperial Software 
Technology Ltd. has updated Visaj, its visual application builder 
for Java, to integrate with Sun Microsystems Inc.'s Forte for Java 
Community Edition integrated development environment (for- 
merly known as NetBeans) . . . Neon Systems Inc.'s new Diplo- 
mat product, when integrated with Neon's Shadow product 
group, provides a blending of enterprise application integration 
and B-to-B integration for disparate S/390, Windows NT and 
Unix applications . . . TRADEPAQ Corp, (formerly EDI Corp.)'s 
new TRADEPAQ.enable puts existing enterprise applications run- 
ning on host systems onto the Web without additional program- 
ming by converting host screens into a Java-based GUI . . . 
Aufrance Associates has updated its Internet ASP development 
tool kit. The VB ToolKit Internet 2000 for Windows NT and Visu- 
al Basic 5.0 includes sample source code and 15 Visual Basic 
classes that provide source code for developers to create Web-to- 
database and automated e-mail applications . . . Sun Microsystems 
Inc.'s new Sun Development Framework program is designed to 
bring together a select community of ISVs with similar design 
goals so they can create cross-platform solutions with integration, 
interoperability and compatibility for Web applications, J2EE ap- 
plications, mobile wireless or e-commerce solutions . . . GraphOn 
Corp. will release OEM beta versions of its Web-enabling soft- 
ware Bridges for Unix and Linux, providing fast access of Unix and 
linux apps from a desktop device over any connection with no ad- 
ditional hardware and without changing code. The release of 
Bridges 1.0 will replace GraphOn's current server-based software 
product line, including GO-Global, GO- Joe and GO-Between. 



PEOPLE 



Microsoft Corp. announced that Edward Tobin, currently U S West 
vice president for public policy and former top aide to Massachu- 
setts Gov. William Weld, will join the company as senior director 
for corporate affairs . . . BEA Systems Inc.'s CFO Steve Brown, has 
been promoted to the newly created position of executive vice 
president of business planning and development. The company 
also announced that William Klein, former vice president and chief 
financial officer for Hewlett-Packard Co.'s Inkjet Imaging Solu- 
tions business, has been appointed chief financial officer. Both 
Brown and Klein will report to chairman and CEO Bill Coleman 
... In a recent survey of 1,400 corporate chief information offi- 
cers, 37 percent of corporate CIOs named Microsoft Corp. chair- 
man Bill Gates as most admired in the industry. Dell Computer 
Corp. chairman and CEO Michael Dell was next with 19 percent, 
followed by Apple Computer Inc. CEO Steve Jobs (9 percent), 
linux inventor Linus Torvalds (7 percent), Hewlett-Packard Co. 
co-founder William Hewlett (5 percent), Sun Microsystems Inc. 
chairman and CEO Scott McNealy (3 percent) and Oracle Corp. 
chairman and CEO Larry Ellison (3 percent). And, 17 percent of 
the respondents chose "Other/Don't Know". . . Greg Heard has 
joined Sequoia Software Corp. as CFO; he previously served as 
managing director at Corbyn Investment . . . Symantec Corp. has 
named Ron Moritz as chief technical officer. Moritz will lead 
Symantec's Core Technology group . . . Ariba Inc. appointed John 
McMahon as senior vice president of worldwide operations . . . BZ 
Media's SD Times has named Mara Leonardi as art director, 
Phyllis Oakes as circulation assistant and Doug Finlay as associate 
news editor. I 
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Rogue Wave Steps Up Offerings 



Objective Studio for Wi 

Upgrades of three of its best-sell- 
ing packages are at the core of a 
product-improvement initiative 
at Rogue Wave Software Inc. 

The company's Stingray divi- 
sion is shipping Objective Stu- 
dio for Windows 2000, designed 
to provide programmers with 
components helpful for build- 
ing applications in Microsoft's 
Visual Studio environment. 

Among the new features of 
Objective Studio are improved 
support for HTML, Extensible 
Markup Language (XML) and 
Microsoft's BizTalk protocol, as 
well as improved compatibility 
with Windows DNA 2000. Ac- 
cording to the company, Objec- 
tive Studio 2000 offers a tool to 
generate source code from an 
XML schema and the ability to 
save grid blocks as HTML ta- 
bles. Also, customers will be able 
to select individual products in a 
custom suite, rather than having 
the studios prepackaged. There 
are 11 products from which to 
choose, including seven Visual 
C++ products, and they can be 
seen at the company's Web site 
(www. roguewave .com) . 

Stingray has also slashed the 
price of Objective Studio by 
nearly 50 percent over the pre- 
vious versions, with volume 
price discounts for multiple- 
license purchases and a dis- 
count for purchasing through 
the Rogue Wave site. 

In addition, Rogue Wave 
has upgraded its Threads. h+ + 
and DBTools.h++ component 
libraries. Version 2.0 of 
Threads.h++ adds features to 
reduce time developers spend 
debugging multithreaded appli- 
cations and to reduce memory 
leaks. Applications built with 
Threads. h++ are portable 
across supported platforms, in- 
cluding Windows NT, Solaris 
and Linux, says the company. 

BEA UPDATES 

^continued from page 18 

lion, up 82 percent from the 
same period in the prior year, 
and up 18 percent over the third 
quarter of this fiscal year. BE As 
operating income for the fourth 
quarter was $22.3 million, up 
273 percent from the prior 
year's fourth quarter and up 55 
percent over the third quarter 
of this fiscal year. The compa- 
ny's board of directors autho- 
rized a two-for-one stock split. I 



ndows 2000 highlights 

DBTools.h++ 4.0 offers a 
two-level programming inter- 
face that enables developers 
to choose the mix of produc- 
tivity and control when devel- 
oping applications. Using the 



tool upgrades 

DBTools.h++ "classic" interface, 
developers are shielded from 
the details of relational data- 
base programming. The new 
OpenSQL interface provides 
low-level control of the code 



specific to a particular database. 
In addition, DBTools.h++ 4.0 
offers a performance boost to 
current users with no changes 
to existing applications, and 
runs on Windows NT, Solaris, 
Linux, OS/400 and OS/390. 

Speaking of Linux, Rogue 
Wave has also ported its Nou- 
veau 2.0 component library to 



Linux. Nouveau uses XML and 
Simple Object Access Protocol 
(SOAP) to provide interoperabil- 
ity among COM, CORBA, RPC, 
XML and Java — across your en- 
terprise or over the Internet — 
without bridges or wrappers, 
says the company. Nouveau for 
Linux pricing starts at $3,600 
plus run- time licenses. I 
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Maximum Power 
Minimum Size 

♦ Small, scalable, static X Server 

♦ Specially built & stripped for precise needs 

♦ Perfect for embedded systems 

♦ Ideal for consumer electronics industry 

♦ Includes Fast Light Tool Kit (FLTK) 

♦ FLTK is based on C++ 

♦ FLTK includes a User Interface Builder 

♦ Output is editable C++ source code 

♦ Supports X11 Double Buffering Extension 

♦ Available for: 

Linux/x86, Linux/Alpha, FreeBSD, 
BSDI, LynxOS, & QNX 
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METRO LINK 



MOTIF COMPLETE! 

The ULTIMATE Motif for Linux 



♦ 3 Versions of Motif on 1 CD 

♦ Multiple Development Environments 

♦ Mix & Match Modules with 
Graphical Installation 

+ Includes Motif Ver. 1.2, 2.0, & 2.1 

♦ Supports both glibc & Iibc5 

♦ Glibc 2.1 ftp update available 
+ Available for: 

Linux/x86, Linux/Alpha, FreeBSD & BSDI 
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METRO-X 



performance X server for Linux 

♦ Graphical Configuration Utility 

♦ Touch Screen Support 

♦ Multi - Screen Support 

♦ 3D Input Device Support 

♦ Robust & High - Performance X Server 

♦ Available for: 

Linux/x86, Linux/Alpha, FreeBSD, 
BSDI, LynxOS, & QNX 
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Hardware accelerated OpenGL R 

♦ 3D Hardware Support 

♦ High-Performance Accelerated 
Implementation of OpenGL 

♦ OpenGL Conformance Test Certified 

♦ Includes a Free Copy of METRO-X 
+ Available for: 

Linux/x86, Linux/Alpha, & FreeBSD 



For Each Copy Registered 
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BATTENING DOWN THE FORT, TIER BY TIER 

Web-based businesses are forcing application developers to 
redefine what it means to build secure systems 

eTrade. "Pressure to get a site up is just 




BY JENNIFER DEJONG 

Recent attacks on popular e-commerce 
sites are raising questions about the se- 
curity of Internet applications. In the 
past few months alone, hackers 
have proved that they can steal 
customers' credit-card numbers, 
rip off e-tailers by swapping price 
tags en route to the electronic 
checkout, and even temporarily 
close an online store's doors for 
business by launching denial of Security wasn't 
service attacks. an issue before 

That has catapulted the issue the Web, said 
of Web security from the back IBM's Linda 
burner to the bottom line, get- Distel. 
ting application developers to 
talk about what went wrong. 

"In the rush to get commerce sites 
up, they are playing fast and loose and 
getting burned for it," said Scott Diet- 
zen, chief technology officer at BE A 
Systems Inc. (www.bea.com), a Web 
software developer whose application 
and transaction servers power sites such 
as Amazon.com, Priceline.com and 



intense," he added. 

Dietzen and others like him agree 
that the breaches are largely the result 
of poor programming practices. 
As companies succumb to mar- 
ket pressures to get their e-com- 
merce sites up fast, they are 
rushing their development ef- 
forts, unknowingly allowing pro- 
grammers, who may lack 
enough experience, to design 
Web apps that leave holes wide 
open for hackers. 

Compounding the problem, 
they say, is that the Internet is in 
the midst of rewriting the rules 
of developing applications, hurtling en- 
terprise development shops into a major 
technological and cultural change. As 
they move away from a client/server 
model of computing and toward a Web- 
centric one, they are finding few securi- 
ty road maps to follow, leaving many to 
learn by trial and error. 

"We have gone through a lot to get 



here," said Steve Graese, director of 
software development for the travel 
reservation Web site Trip.com 
(www.trip.com), who began developing 
the site about three years ago. "Even 
when you do your homework, there's a 
lot to learn along the way." 

SECURING THE FORT, TIER BY TIER 

Before the Web, there wasn't much rea- 
son to worry about outside threats to ap- 
plications. "But when you talk about se- 
curing your Internet applications, you 
are talking about adding multiple layers 
of defense," said Carol Woodbury, chief 
engineering manager for AS/400 securi- 
ty at IBM Corp. 

Because they are complex and multi- 
tiered, unless they are carefully secured, 
e-commerce applications leave potential 
holes for hackers. In a typical setup, a 
browser talks to a Web server, which talks 
to an application server, which in turn 
talks to multiple back-end databases that 
store the inventory and accounting data 
essential to completing the online transac- 
tion. "Each [tier of the application] comes 
with its own level of risk — and each layer 
must be secured," said Woodbury. 

"You need to repeat the authorization 
process on each tier of the system," 



BUILDING SECURE APPS IS ABOUT PEOPLE, POLICIES AND PROCESS 



Larry Baron is senior product manager 
for Java security at Sun Microsystems 
Inc., where he's responsible for the se- 
curity features embedded in the Java 
Development Kit, as well as numerous 
separate security products and exten- 
sions. Given the host of tools and tech- 
nologies programmers have at their dis- 
posal today, Baron believes that devel- 
oping secure applications is ultimately 
not about what tools you use. It's about 
people, policies and process. He said 
the only way to ensure that people de- 
velop secure systems, considering the 
enormous complexity of today's multi- 
tier Web applications, is proper adher- 
ence to an appropriate policy. We asked 
him to elaborate on that and to com- 
ment on some of the recent security 
breaches that have made headlines. 
Here's what he had to say. 

SD Times: What do you make of recent 
reports of customers being able to 
"price-tag swap" in their e-commerce 
shopping baskets, changing the scripts 
around to lower the price? 
Larry Baron: What you are talking about 
here is an instance of poor implementa- 
tion. That happens because there's no se- 
curity policy at the outset — no set of 
rules or a means of enforcing them. 
What does the security policy entail? 
In building a security system, you have 
to keep three things in mind: people, 
policies and process. You have to de- 
cide: "What am I going to allow? What 
am I going to prevent people from do- 
ing?" Let's say we have a security policy 



that says: "I don't want people to do ad- 
ministration on weekends or during 
nonbusiness hours." If that's your poli- 
cy, you need a process to match. One is 
useless without the other. 
How would you apply that to a shopping 
cart example? 

What is happening in the shopping cart 
application is that the software is con- 
figured with hidden fields, which users 
are getting access to and changing. In 
this case, your policy is not to embed 
scripts in price tags. You need a process 
to match. That might be using an anti- 
tampering technology, such as signed 
check sums, which adds a unique iden- 
tifier that is checked at each stage. 
Why are we seeing such poorly imple- 
mented Web applications? 
There is nothing endemic to e-commerce 
that makes this happen. You can design 
bad client/server apps, too. What is hap- 
pening is that there is a lower barrier to 
entry in Web-based apps. There are a lot 
of home-grown Web sites out there, de- 
signed by people who have the knowl- 
edge to get the shopping cart to work but 
don't have the experience to do it right. 
Designing multitier applications demands 
a high degree of know-how, a combina- 
tion of knowledge and experience. 
So applications like the "price-swap" 
are being designed by people with bare- 
ly enough knowledge and no experience? 
Exactly. In multitier applications, you 
are building systems that have a lot of 
handoffs — a browser talks to a Web 
server, talks to an app server, which 
talks to multiple database back ends. 



They are extraordinarily complex. You 
have to understand the chain of custody 
for the data. What is happening to the 
data? Is there any chance it can be 
changed or altered along the way? This 
is really a matter of trust — do I trust 
that the data I got is really the right 
data? You have to [secure that data] 
every step along the way. 
With many applications, users 
and administrators use the same 
Web-based interfaces. How can 
enterprise developers ensure 
that the administrative inter- 
faces are safe? 

It's suicidal to build a system 
where users and administrators 
share the same interface. You 
need a strong I and A chain — 
that's identification and authen- 
tication. How do I know you are 
who you say you are? The lowest 
form is, of course, passwords, but there 
are other technologies, like the digital 
token card, or "hard token," which is es- 
pecially useful for verifying the identity 
of administrators logging on remotely. 
These tokens generate single-use pass- 
words without requiring synchroniza- 
tion with a host. 

What other approaches can you use? 
The administrative tasks can be broken 
down into roles. One admin adds new 
products to an e-store. The next guy 
adds the price information. It's a basic 
security concept — separation of roles — 
which prevents a situation where the 
sole administrator can do bad things. 
Let's get back to multitiered applica- 
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Sun's Larry 
Baron said 
proper policy is 
key to security. 



Knox, 



added Dietzen, who said that the typical 
BE A Systems customer is managing a 
Web application that is at least three tiers 
deep. "At each point, the client has to es- 
tablish that he is who he says he is. It's 
easy to forget that step [when it comes to 
the back-end databases]," he said. 

Although it's natural to apply the high- 
est level of scrutiny to applications that 
reside outside the firewall, in multitier 
Web applications it's also essential to se- 
cure internal communications to the 
same level. That's common practice in 
the financial industry, said Dietzen, 
where federal regulations stipulate what 
kinds of information employees can and 
cannot see. "You can use the same securi- 
ties on the intranet as you do on the pub- 
lic Web," he said. 

Part of reason it's so easy to forget 
about securing inside systems is cultural. 
At many companies, the back-end data- 
bases that are now being integrated with 
Web applications have been around for 
years — and for years there simply wasn't 
much reason to secure them, according 
to Linda Distel, program director for Sys- 
tem/390 security at IBM. "But now that 
they play a critical role in completing 
Web transactions, all that has changed." 
► continued on page 23 

tions. A system with multiple handoffs, 
as you call it r is only as secure as its 
weakest link. How do you test it? 

It's not a question of building and test- 
ing them. You need a policy first. Could 
you put together a car from a bag of 
parts? What if you could make it so it 
would go but wouldn't stop? What if 
the wheels fell off? 

But even if I follow a policy, how do I 
know when the system is secure? 

Let's talk about an airplane. It's a 
high-assurance device. Before it 
can fly, there are years of review, 
design and so forth. This high 
level of assurance is what makes 
the plane cost a lot of money. I 
could build a car with the same 
assurance as an airplane. But 
that car would cost too much. 
So how much assurance is 
enough assurance? 
It's a question of balance. Build 
[a system as] secure as Fort 
and it will cost you a lot of money 
and take too long to build. You have to 
figure out the appropriate balance in 
each case. When security was simply 
about access control, it was easy. You had 
a mainframe in a room. And if I couldn't 
get into a room, I couldn't do any [harm]. 
But Web applications by definition will 
never be that safe. 

They are enormously complex, but 
there are endless tools to secure them. 
You have to understand the security 
policy first, then use tools, then check 
against compliance. Ultimately it's pret- 
ty simple — it's a matter of understand- 
ing your system and setting boundaries. 
-Jennifer dejong 
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Keyn ote Addresses And 

Panel Discussions 

CA-World SM attracts the best and 

brightest talent. A sample of our 
former keynote 
speakers include: 
Microsoft's Bill Gates. 
Intel's Andrews. 
Grove and Craig R. 
Barrett, former 
President, George 
Bush, General Colin L. Powell, USA 
(Ret), and former President, J immy Carter. And this year's talent is proving 
just as impressive with Computer Associates Chairman and Chief Executive 
Officer, Charles B. Wang, President and Chief Operating Officer, Sanjay 
Kumar, and United States Senator and Astronaut, J ohn Glenn. 
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rechnical Sessions 

With over 3,000 sessions on virtually every facet 
of IT solutions during the conference you'll learn 
to get the most out of your Computer Associates 
solutions. Industry experts, including CA's own 
development staff, provide valuable insights into 
emerging technologies and industry issues. 



Networking Opportunities 
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Here is your chance to meet with CADevelopment and support 
staff. Listen to user experiences. Network with your peers 
and participate in Focused Network Groups. 

FREE Pre-ConFerence Education 

Pre-Conference Education is designed to educate 
IT professionals on the latest tools and technolo- 
gies offered in the industry today. These 
classes are provided to 
conference atten- 
" dees FREE OF 
CHARGE on April 8 
and April 9. 



Call The CA-World , 
1-877-CAWORLD (229-6753) Today! 
Or Visit Us At www.caworld.com. 

©2000 Computer Associates International, Inc., Islandia, NY 11749. All logos and product names referenced herein are tradem 



CA Education Services 

Attend any of the many CA-World 2000 
hands-on labs and let CA's own 
development and support staff show 
instruct you. 

Registration 

J oin the best and brightest professionals at CA-World 2000. 
To register, and for more information, visit 
www.caworld.com or call the CA-World Hot Line at 
1-877-CAWORLD (229-6753) or 1-631-342-6600. 




Exhibitor Opportunities 



If your company can only exhibit at one industry show 
this year, it has to be CA-World 2000. For Exhibitor and 
sponsorship opportunities, please call 1-631-DIAL 
EXHIBIT (342-5394). 
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BATTEN DOWN 

^continued from page 21 

Because the S/390 has security fea- 
tures built in at both the operating- 
system and the hardware level, it is espe- 
cially well suited for developers designing 
secure Web applications. "The OS/390 
automatically defines the Internet user as 
someone who cannot see anything [un- 
less you choose to grant access]," she said. 
Judging by the recent security breaches, 
some developers seem painfully unaware 
of the risks to which they are exposing 
their companies. "The programming 
shortcuts they take prove their inexperi- 
ence," Dietzen said. "Naivete leads to ex- 
posure," he added. The result is applica- 
tions that are easy to tamper with. 

"Every time you allow a user to enter 
information into an e-commerce appli- 
cation, it's potentially hazardous. You 
need to be supremely suspicious of all 
outside requests," Dietzen said. 

CHAOS IN THE SHOPPING CART 

He attributed the recent reports of the 
price-tag swaps — users tampering with 
scripts to "swap" a high price with a low 
price in a shopping cart application — to 
an utter lack of such suspicion. "To en- 
sure safety, you should generate an 
HTML page without any smarts in it, 
validating the user's input on the server," 
said Dietzen. 

"Validating input on the client, using, 
for example, JavaScript, gives you faster 
turnaround time," said Dietzen. "But 
since the client is open, a smart user can 
do what he wants with it." 

Or, as Larry Baron, senior product 
manager for Java security at Sun Mi- 
crosystems Inc., said, "Designing an ap- 
plication [where it's easy to swap price 
tags] is like saying: 'Here's my ATM card; 
here's my password; here's my balance.' " 

Still, others admit it's just human na- 
ture to try to take the easy way out. "It's 
partly laziness — developers don't want 
to be inconvenienced," said IBM's 
Woodbury. "Security really puts you 
through hoops. It's much easier to write 
an application and not have to worry 
about it," she added. 

"I understand how these kinds of 
things happen," said Trip.com's Graese. 
"But there are some things that you just 
shouldn't compromise on. Hackers are 
getting more and more sophisticated, so 
you have to be more and more careful." 

Experts say that securely designed 
Web applications result when develop- 
ers are not tempted to take such short- 
cuts, when they are forced to adhere to 
a policy or design plan. "Security needs 
to be part of the initial design of an ap- 
plication," said Woodbury. 

She said that the AS/400 is a good 
platform for implementing Web applica- 
tions, since security features are built in 
to its OS/400 operating system and in 
the hardware itself. 

But according to Sun's Baron, securi- 
ty is not really a matter of what platform 



the developer works on or which tools 
are used to do the job. "It is a matter of 
people, policies and process," he said. 
"You need a policy and a means of en- 
forcing it." 




NO END OF THREATS 

Web programming is strewn with other 
potential pitfalls. Developers say anoth- 
er common way for trouble to crop up is 
when applications rely on the 
same interface (the Web brows- 
er) for both users and administra- 
tors. Although for the developers 
the concept of the browser as the 
universal client is a key advantage 
of Web programming, from a se- 
curity standpoint it carries with it BEA's Scott 
the potential for harm. With both Dietzen said 
parties using the same interface, programming 
enterprise developers have to en- shortcuts lead 
sure that the administrative inter- to trouble. 
face is safe from savvy users who 
know how to get at it and might alter the 
application in some way. 

Most developers manage that prob- 
lem not by banning administrators from 
using that interface, but by securing ac- 
cess. "There is no need to manage the 
application outside of the corporate in- 
tranet," said Dietzen. "Exposing out- 



siders [to the administrative interface] is 
really an act of corporate negligence." 

Access is secured by the passwords, 
and by technologies like token cards. 
Because they issue single-use pass- 
words that don't require synchroniza- 
tion with the host, they are especially 
useful for verifying that administrators 
logging on remotely are in fact who 
they say they are. 

More difficult to prevent 
than any other Web threat is 
the so-called denial of service 
attack, which has to be shut 
down at the ISP level. In a de- 
nial of service attack, hackers 
effectively shut down a site by 
bombarding it with more re- 
quests for service than it has 
the bandwidth to handle. They 
are in effect installing a kind 
of time bomb that is difficult 
to detect. At some later date, 
the attacker can send a command 
to all of the "slave" machines, which 
wake up and start firing streams of in- 
formation that clog their targets' net- 
works. "It's like taking over the high- 
way and not letting anyone else on the 
road," said Dietzen. "It makes it im- 
possible to do business." 



Although such attacks are obviously 
disruptive, they are far less damaging 
than other forms of cyberterrorism, 
where money is stolen or sensitive infor- 
mation is exposed or altered. 

HOW MUCH SECURITY IS ENOUGH? 

Makers of application development 
tools agree that when Web security is 
breached, it's not for any lack of tools 
to do the job. "The public key infra- 
structure of the Web is extremely ro- 
bust," said Dietzen. Break-ins are 
nearly always a case of negligence, in- 
experience and poor programming 
practices. "Sites that take careful mea- 
sures and place sufficient emphasis on 
security will succeed [at keeping hack- 
ers out]," said Dietzen. 

But now that companies are doing 
business on the Web, applications will 
never enjoy the same level of security 
they had in the past. The current com- 
puting infrastructure is light years away 
from the old days when physical barriers 
secured systems, said Woodbury. "You 
simply set a system in a room with a 
locked door and no entry, and your data 
was safe," she said. "But we couldn't do 
business with it," she added. "Business 
risks have changed." I 



JAAS UP SECURITY ON JAVA 2 PLATFORM 

AVAILABLE IN FREE DOWNLOAD, JAAS CAN CHECK ID OF USERS WITH STANDARD PAM HOOKUPS 



BY REBECCA ROHAN 

Sun Microsystems Inc. has re- 
leased an additional piece of se- 
curity — Java Authentication and 
Authorization Service (JAAS) 
1.0, a pure Java implementation 
of PAM (Pluggable Authentica- 
tion Modules) — that can check 
the identification of users with 
standard PAM hookups. Pro- 
nounced "jazz," the APIs bring 
an additional piece of security to 
the Java 2 Platform now em- 
ployed by Linux, Windows NT, Apache 
Web Server and others. 

Java 2 security already included ele- 
ments such as the Java Cryptography Ar- 
chitecture (JCA) API, the Java Cryptogra- 
phy Extension (JCE) API and the Java Se- 
cure Socket Extension (JSSE) API, and 
based access controls on where code 
came from and who signed it, but it didn't 
act as a sentry. 

"PAM is definitely an important 
thing," said Bill Orvis, security specialist 
with the U.S. Department of Energy's 
Computer Incident Advisory Capacity 
Team (www.ciac.org). Orvis said adding 
PAM to Java "would definitely be good 
because it means you'd have an estab- 
lished authentication tool to authenti- 
cate Java programs. Of course, if it's 
done wrong, it could create great, glar- 
ing holes. If it's done right, applications 
won't have to do their own authentica- 
tion — you're not reinventing the wheel." 

"JAAS can plug into any Java Virtual 



Class Summary 


JndiL o giiiMo dule 


The module prompts for a usemame and password and then verifies the 
password against the password stored in a directory service configured 
under JNDI 




NTLoginModule 


This LoginHoduie renders a user's ITT security information as some 
number of Principals and associates mem with a Subject. 




NTSvstem 


This class implementation retrieves and makes available NT security 
information for the current user. 
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This LoginModule imports a user's Solaris Principal information 
(Solar isPrincipal, Solar isNumericUserPrincipal, and 
Solar isNumericGroupPrincipal) and associates them with the current 
Siabject. 




SolarisSystem 


This class implementation retrieves and makes available Solaris 
UrD/GID/groups information for the current user. 



JAAS security class libraries are for both Windows NT and Solaris. 



Machine," said Larry Baron, senior 
product manager for security, Sun Soft- 
ware Products and Platform. "The refer- 
ence implementation is a binary product 
people can use, but in the grander 
scheme of things, we want to propagate 
a standard set of APIs. You can use them 
anywhere you have a need to authenti- 
cate a user that's running a service on a 
virtual machine." 

JAAS, available in a free download, 
lets you base access control policies on 
individual users, groups or roles. Once a 
user signs on and is authenticated, the 
system carries the user's credentials so 
he doesn't have to sign into different ar- 
eas throughout the day. 

Naturally, cross-platform standards 
such as the PAM API mean lower devel- 
opment costs, not only because the de- 
veloper doesn't have to write a new ap- 
plication programming interface for 
everything he wants to hook up to, but 
because so many things he wants to hook 



up to are widely available. "PAM 
can use a number of different 
kinds of log-in services with dif- 
ferent authentication technolo- 
gies," said Baron, citing RSA, 
DCE, Kerberos, S/Key and 
SmartCard as examples. 

"We have sample source code 
for all those APIs," said Baron, 
"but if someone wants to build 
their own black box, that's OK. 
The APIs are the key — that's 
where we all win. If a new Smart- 
Card or other technology comes out, 
and everybody had their own home- 
grown APIs, they would have to graft it 
in on a custom basis." 

But, Baron added, "it's much better 
to use the reference implementation. As 
more and more people use it, it becomes 
more rock-solid. If everybody does their 
own implementation, it's possible that 
security-related issues might propagate 
through their system. With more people 
using the same implementation, it gets 
well tested." A link on the Web site lets 
users report problems. 

Under the licensing terms, Sun asks 
programmers who extend the API to make 
their extensions public. "If the extension 
gains acceptance, it would then roll into a 
future release of JAAS," said Baron. 

You can get JAAS from (java 
.sun.com/products/jaas). Sun expects 
to release a for-pay JAAS JCK (Java 
Compliance Kit) to test security later 
this month. I 
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WHAT HAPPENED? 



Jiminy Crickets! You turn away for a 
week or two and the whole world 
changes! Between the beginning of De- 
cember 1999 and early February, the two 
leading Java development environments 
changed hands. Symantec Corp. s Visual 
Cafe was acquired by a start-up I shall 
discuss shortly, while Borland/Inprise — 
the entire company that is — was ac- 
quired by Corel. Corel? The same folks 
who make Corel Draw? Well, um, yes. 

The Corel acquisition is unusual and 
yet somewhat of a family reunion. You 
recall perhaps that Borland had close re- 
lations with Novell. Novell's office suite, 
designed to compete against Microsoft's 
Office, contained Novell's then-recently 
acquired WordPerfect along with Bor- 
land's Quattro Pro spreadsheet and 
Paradox database. Novell eventually 
bought Paradox from Borland. When 
Quattro Pro was no longer core to Bor- 
land's redefined mission, Quattro Pro 
ended up in Corel's hands. Later, the 
rest of the products found their way to 
Corel's Ottawa headquarters. The bun- 
dle is now called WordPerfect Office 
2000 and is indeed a remarkable — albeit 
widely ignored — product suite. 

After unloading these products, Bor- 
land found its focus again selling enter- 
prise development tools. It brought out 



Delphi, C++ Builder and the highly re- 
garded JBuilder product. And then the 
company acquired Visigenic Software, a 
start-up that sold its own implementation 
of C ORB A. During the Visigenic acquisi- 
tion, Borland renamed itself Inprise, with 
a new focus "inside the enterprise." In- 
prise's fortunes were decidedly on the re- 
bound of late: revenues, profits 
and stock prices were all going 
up. This was due to the quali- 
ty of the Inprise development 
tools and to its CORBA story. 
The Visigenic CORBA server, 
named VisiBroker, was integrated 
into the development products in ways 
that made deployment considerably sim- 
pler than many of the packages available 
from CORBA-only vendors. 

However, the quality of CORBA im- 
plementation, the superior develop- 
ment environments and the new 
name — all this meant nothing to Corel. 
Inprise was bought because it recently 
ported its dev tools to Linux. Linux! 
Corel's stock has zoomed lately as a re- 
sult of the company's embrace of Linux. 
And with the higher-valued equity, 
Corel bought Inprise to sell the Borland 
line of dev environments to Linux pro- 
grammers. Nobody from Corel was will- 
ing to go on record about what would 
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happen to VisiBroker. There is good 
reason for this. The idea of buying a 
Linux box to run a CORBA server is a 
bit perverse. Add calling Corel for tech 
support and the whole scenario slips 
completely into the ridiculous. 

I suspect when Corel figures out 
what to do with its new stepchild, we will 
hear all about Corel's enterprise strategy. 
This may take a while, folks. 

Meanwhile, middleware vendor BE A 
Systems Inc. purchased the Visu- 
al Cafe Java development en- 
vironment from Symantec. 
Visual Cafe — a product in 
most ways inferior to Borland 
JBuilder — is itself a Borland de- 
rivative. The Symantec line of 
development tools was devised by Eu- 
gene Wang, who left Borland with cops 
and lawyers looking into charges he took 
trade secrets with him. 

Wang had served as Borland's go-to 
guy for getting the company to the fore- 
front of the C++ crowd. Wang left 
Symantec after a few years having recog- 
nized what everyone else already knew: 
Software development is not central to 
Symantec's business. Symantec tools are 
glitzy also-rans in both the C + + and Java 
development environment markets. The 
sale made sense for Symantec. But how 
about BE A? The company joined with 
venture capitalist Warburg, Pincus to 
fund a new corporation whose mandate 



is to create tools that accelerate the de- 
velopment of software for electronic 
commerce. At the heart of this mission is 
Java. And so a Java environment was 
needed. Enter Visual Cafe. Interesting- 
ly, the head of the Warburg Pincus fund 
is Alan Baratz, the former president of 
Sun's Javasoft unit. You would think that 
with this kind of pedigree the new, still 
unnamed company would be destined 
for great things. And indeed it might be. 
But you have to admit its avowed mis- 
sion — "to create simple-to-use software 
'power tools' that allow nearly any devel- 
oper to design and assemble e-com- 
merce software that can be customized 
on the fly to adapt to users' needs" — 
smacks a bit of over-reaching. I await 
product delivery before I buy in. 

The point, though, is that BEA is mov- 
ing beyond just being a middleware 
provider. It sees a need to innovate beyond 
its own products and into an area that 
holds promise: electronic commerce. For 
this kind of foresight, BEA has been re- 
warded this year. Its price is up twentyfold 
during the past 12 months. And if BEA ex- 
ecutes as well on this project as it has with 
WebLogic, things will be exciting. As for 
Corel/Inprise, though, I'm not so sure. 
Good execution may not be enough. I 

Andrew Binstock is principal analyst at 
Pacific Data Works LLC. Reach him at 
ahinstock@pacificdataworks. com. 
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One after another, companies in the 
Linux business are going public. And 
with each IPO new records are set. For- 
tunes are made overnight for company 
founders, early investors and open-source 
hackers. Market valuations are skyrocket- 
ing beyond expectation, beyond logic, be- 
yond explanation. And everywhere, pro- 
grammers scratch their heads: "How can 
a company be worth that much — worth 
anything — if its business plan is based on 
giving away its products?" 

WHAT'S THE REAL BUSINESS? 

We are confounded, I believe, because 
our thinking is too narrow. To find the 
logical sense at the center of the eco- 
nomic model, we need to broaden our 
understanding of what business the 
companies are in. 

Consider Amazon.com. Every quar- 
ter when it announces financial results, 
more industry watchers jump on the 
criticism bandwagon. Yes, on average, 
Amazon.com loses a little money on 
each book it ships. So if you narrowly de- 
fine Amazon.com as a company that's in 
the business of selling books, it is a los- 
ing proposition. But Amazon.com is also 
in the business of sending out occasion- 
al newsletters about new offerings. Of 
recommending books, music and movies 
to members based on their previous pur- 
chases. Of amassing a highly loyal base 
of customers who log on to the compa- 



ny's Web site frequently. Is there a busi- 
ness here? I think there is. But it's not 
the traditional bookselling business. 

So don't be distracted by the fact that a 
company gives away its "main product" or 
offers it at a loss. Take a step back and see 
what business the company is really in. 

CARD TRICKS 

Did you ever learn to do card tricks? 
The essence of magic, at least the kind 
of magic I tried to master as a kid, is mis- 
direction. The magician directs the audi- 
ence's attention to the right hand as he 
palms a card with his left. 

There's a fair bit of misdirection in the 
open-source software industry, too. In 
response to challenges from financial re- 
porters, investors and customers, Linux 
vendors all fall back on the same harm- 
less bit of misdirection: "Yes, we distrib- 
ute our product at no charge. We'll make 
our money in service and support." 

The claim satisfies questioners. But 
it's not the truth, or at least not the 
whole truth. 

Linux vendors sell Linux CDs. Check 
out their Web sites and you'll see the 
truth. A SuSE Linux 6.3 CD will set you 
back $49.95. Red Hat Linux comes in 
standard, deluxe and professional edi- 
tions priced at $29.95, $79.95 and 
$149.95. Visit Corel's online store and 
you'll pay $59 for the standard edition of 
Corel Linux or $89 for the deluxe edition. 



In contrast, Microsoft charges $219 
for a Windows 2000 upgrade. I've seen 
rebates and vendor promotions reduce 
the price to as little as $79. 

Thus, the retail prices of Linux and 
of Windows 2000 are comparable. Yes, 
you can download Linux for free if 
you're patient enough. On the 
other hand, Microsoft has, 
according to chairman Bill 
Gates, invested more than $1 
billion of engineering effort in 
Windows 2000... not to mention 
the overhead, advertising, mar- 
keting and manufacturing costs. I'm 
certain Red Hat will earn more profit on 
each copy of Linux it ships this year 
than Microsoft will earn on each copy of 
Windows 2000 it ships. 

Red Hat is one of the Linux compa- 
nies claiming it will give away its product 
and make money on service. But here 
are the figures from its own financial 
statements: It made $3.37 million selling 
software in the three months ended Nov. 
30, 1999, compared with $1.62 million 
on services. That's a 2-to-l margin. VA 
Linux Systems reported that just 1.5 per- 
cent of its total revenues came from its 
Professional Services operation. Make no 
mistake: Linux vendors are in the busi- 
ness of selling products for profit. 

THE REAL KEY 

Of course, profits are elusive. Advertis- 
ing, start-up and development costs out- 
run revenues. And barring some unan- 
ticipated change in the way market 
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shares shake out, costs will continue to 
outpace revenues. 

The Linux vendors are betting they'll 
achieve profitability through upgrade 
revenues. 

Here's how it works. You acquire a 
product — TurboLinux, say — for a negli- 
gible cost. You learn to use it. You 
visit TurboLinux's Web site 
and download some useful 
utilities. The TurboLinux sup- 
port team answers some ques- 
tions quickly and accurately. 
Now it's time to roll out your Lin- 
ux solution across the whole company — 
multiple servers, maybe with clustering 
or advanced features. Which Linux will 
you buy? 

Every Linux vendor has a loss-leader 
entry-level edition. And every one has 
high-priced proprietary upgrade edi- 
tions to offer you once you're in their 
camp. The Linux industry is taking a 
page from the highly successful cocaine 
industry: "The first hit's free, kid." 

Take these three factors — wider defi- 
nition of core business, revenue from 
product sales, and upgrade revenues 
based on the lifetime value of a loyal 
customer — and the open-source busi- 
ness starts to make sense. 

You can make a lot of money selling 
free software. I 

J.D. Hildebrand is the former editor of 
such publications as Computer Lan- 
guage, Unix Review and Windows Tech 
Journal. Reach him at jdh@sdtimes.com. 
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WINDOWS 2000: STILL THE AGE-OLD QUESTION 

I n conceiving this column, my editor 



I and I discussed two major points: One: 
the inevitability of my Pulitzer nomina- 
tion; and two: keeping track of new de- 
velopment tools for Windows, especially 
those from Redmond. So, my having al- 
ready penned two of these masterpieces 
necessarily put a slight tremor of frustra- 
tion into his tone as he asked me 
why there still had been no 
mention of new dev tools. 

Quite simply, it's because 
all the hottest, most anticipated 
new tools are just that: anticipat- 
ed. The buzz on the street is all 
about Windows 2000; and dev tools for 
this happy environment are still a ways 
away from the shrink-wrap. To keep my 
editor's blood pressure in line, however, 
I shall endeavor to share what I know. 

From Microsoft, new tools will soon 
arrive in the form of an upgraded Visual 
Basic, Visual Studio and, of course, the 
much-vaunted Windows DNA 2000. 
Microsoft CEO Steve Ballmer recently 
unveiled some specifics about Visual Ba- 
sic and Visual Studio (both moving to 
version 7.0) at the VBits trade show. As 
expected, one of the first indirect an- 
nouncements was that Visual Studio 7 
would probably not be hitting its target 
release date of spring 2000. 



SD TIMES 



WINWATCH 



OLIVER 
RIST 



On the upside, however, Visual Stu- 
dio 7 will ease the burden of developers 
trying to integrate Windows 2000' s XML 
penchant with existing Windows stan- 
dards, especially COM+. Developers 
should also be able to create Visual Ba- 
sic GUI items, such as forms, and pub- 
lish them directly to the Web. And even 
keener, Microsoft is claiming 
support for dragging and 
dropping inside the browser. 
On its own, Visual Basic 7 
looks to be adding some muscle 
as well. In an apparent quest for 
increased corporate acceptance, 
the new release will add advanced fea- 
tures into its mix, including support for 
inheritance, encapsulation and poly- 
morphism. You'll also gain the ability to 
exploit explicit free threading and struc- 
tured exception handling. This is a long 
way from Visual Basic's glorified macro- 
language roots. Microsoft explains the 
new features as its way of empowering 
Web developers within the Visual Stu- 
dio framework. Considering that Red- 
mond made absolutely no new an- 
nouncements regarding its support for 
Java, I suppose that closes the question 
of Microsoft's support for open-source 
technologies — and yes, I know that Java 
is Sun's property, but there's at least a 



perception that it belongs to the open- 
source community. 

On the XML front, though, it's an en- 
tirely different story. As touched on in an 
earlier column ("Will Microsoft Have 
Another Do-Little Year," Feb. 23, page 
31), Microsoft's upcoming Windows 
2000 DNA development architecture is 
heavily concentrated on XML — a trait 
shared by the entire Windows 2000 plat- 
form, and Microsoft is making noise 
about its intent to stick to established 
standards on this one. We'll see. Mi- 
crosoft intends to combine Windows 
DNA with Visual Studio, Windows 2000 
and the upcoming 2K generation of 
BackOffice applications to create an ex- 
tremely powerful, flexible XML-orient- 
ed Web development platform. Why 
does this not sound open to me? 

As you may have noticed, my feelings 
on this are a bit mixed. On the one hand, 
even the early press releases are promis- 
ing a level of robustness and integration 
that I just don't see from anyone else 
when it comes to XML and Web devel- 
opment in general. Microsoft seems to 
have standardized on XML as the crux 
of its software interoperability strategy 
for Windows 2000. For someone who 
really needs to get something done and 
working, this could be a real boon as 
long as they don't mind Microsoft A to Z, 
from soup to nuts. 

But on the other hand, you just know 



this will be about as open as the planning 
meeting for the next Star Wars movie. 
Microsoft is going to encapsulate XML 
in a proprietary cocoon of power and 
easy integration and then hope we don't 
notice the extra stickiness. 

And it's not as though Microsoft 
doesn't have competition, even on the 
Windows 2000 front. IBM, Sun and 
longtime XML champions such as Blue- 
stone all sport development tools, data- 
base hooks and application servers that 
interoperate not only within their own 
brand names but with each other as 
well. And where Microsoft has chosen 
to put Java in a bowl next to the back 
burner, none of these other vendors has 
followed suit. Most are trying to com- 
bine the two, which has greater long- 
term promise. 

The question here will be the same as 
it always has been: Can third-party chal- 
lengers provide as much functionality on 
the Windows 2000 platform as Mi- 
crosoft? Or will it be a slight features 
trade-off with some makeup in the relia- 
bility department? While the question 
remains the same, only beta testing and 
time will provide the answer. Now 
where's my Pulitzer? I 

Oliver Rist is technical director of 
Grand Central Network, an Internet 
consulting company. He can be reached 
at orist@srand-central.net. 
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Don't let a few forgotten bugs stand 
between you and a successful product! 

Automate with TestTrack and improve product 
quality, reduce time-to-market and gain a distinct 
advantage over your competition! 

TestTrack and TestTrack Web are proven bug tracking solutions 
that simplify tracking bugs and feature requests, while improving 
team communications. Seapine's bug tracking solutions offer the 
BEST price-to-feature ratio and are easy to install and maintain. It's 
no wonder today's top developers prefer TestTrack and TestTrack 
Web! ^i\ 
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Includes advanced features like a stand-alone bug reporter>automated e-mail bug import, e-mail notifica- 
tions, duplicate bug handling, release notes generation, and more. 

Easily scales from one to hundreds of users. 

Improve tech support by giving SoloBug, our stand-alone bug reporter included with TestTrack, to your 



customers and beta sites. 

TestTrack is the Proven Solution 
Used by Today's Top Companies: 

America Online, Charles Schwab, 

Cisco Systems, Franklin Quest, Kodak, 

HP, Holiday Inn, Minolta, Motorla, 

Qualcomm, Perkin-Elmer, Platinum 
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TestTrack Web - Complete Web-based Bug Tracking 

• Full bug tracking functionality, security, and ease-of-use, 



all accessible from a standard web browser. Supports 

simultanous access with regular TestTrack users. 

Customer support pages allow your customers 

to quickly report bugs and feature requests to 

you and optionally check the status of issues y* 

they already reported. ^"^^^T* 
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Let's face it, using Excel on the Web can be puzzling. Excel can only be 
used on Windows operating systems, and its desktop-bound 
architecture prevents it from leveraging advances in database, Web, and 
application servers that power eBusiness and B2B processes today. 

Formula One, however, brings the power of spreadsheets to the Web. It's 
an API-driven, JavaBean component that enables you to embed an 
Excel-compatible spreadsheet engine in any tier and construct business 
rules for data analysis at the core of Java applications, servlets, applets, 
and JSP 

Formula One's other advantages include: 



Formula One has a lightweight footprint. System requirements 
for Excel 2000 include 1 46 MB of hard disk space. A Formula One JAR 
file is approximately 1 MB. 

Formula One writes files optimized for the Web. Formula One 
can save files up to 90% smaller than Excel's in some cases. Formula 
One can even distribute spreadsheet data in any client environment: 
HTML for thin clients, Excel for Excel clients, or live spreadsheet- 
powered applets for "heads down" users who require robust 
interfaces. 

Formula One is 1 00% Pure Java and only requires the proper 
virtual machine to function. Excel requires Windows to operate. 



Formula One is built in the Java programming language and 
is ideal for widespread distribution on the Web. Excel and 
Office Web Components are designed for use behind a firewall and 
require Microsoft Office to be installed on all desktops. 

Formula One's architecture and JDBC methods enable it to 
be used with a wide variety of database and application 
servers. Excel can't. 

Formula One provides a JavaBean and applet with an API of 
more than 400 properties, methods, and events. Excel is not an 
API-driven application and can not be used as a component in a Java 
application. 
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XML INTEGRATES WEBS AND DATABASES 



If you are wrestling with better 
Web/database integration, now is the 
time to take a careful look at two Exten- 
sible Markup Language (XML) develop- 
ments called SOAP and Blocks. XML is 
the ability to add structure to databases, 
much in the same way HTML brought 
structure to documents. The idea was to 
allow anyone to design a schema 
to organize your data in some 
meaningful fashion, to enable 
searches, sorting of results 
and other useful activities. 

There are now hundreds of 
XML products listed on the 
Xml.com Web site, including products 
that parse and author XML Web pages, set 
up XML databases and develop XML ap- 
plications. But two efforts that build on top 
of XML are worth mentioning here: the 
Simple Object Access Protocol (SOAP) 
and Invisible Worlds' Blocks protocol. 

SOAP is a set of remote procedure 
call conventions for using XML for 
client/server interactions across a net- 
work, using HTTP protocols as the 
transport. All requests and responses are 
coded using XML documents. It was de- 
veloped over 1999 by Microsoft and 
UserLand Software and submitted to 
the IETF as an Internet Draft last De- 
cember: search.ietf.org/internet-drafts/ 
draft-box-http-soap-0 1 . txt . 
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Blocks is a more complex architec- 
ture for managing metadata. It consists 
of programs to examine and transform 
the data and then apply and store these 
transformations as structured objects or 
blocks. A series of Internet Drafts de- 
scribing the architecture, protocols 
and sample programs were submitted in 
January: www.mappa.mundi.net 
/Internet- Drafts. 

Up until now, databases and 
Web pages were an unhappy 
marriage. There were several 
ways you could use Web forms to 
query and display your data, but 
for the most part things were messy, com- 
plex and required some heavy custom pro- 
gramming. If you are doing this now, 
chances are you are using Perl scripts or 
JavaScript to perform queries and format 
the results for your Web pages. 

Computer Associates' Opal was one 
solution that implements Web access to 
mainly mainframe-based data. The trou- 
ble was the software was more of a 
graphical interface to access data than a 
means to provide any insights into data 
structures. Plus, Opal was a closed sys- 
tem and ran only on Windows platforms. 
Both Netscape and Microsoft tried a 
few years ago to introduce some order 
into this chaos with different and incom- 
patible standards for dynamic HTML. 



Neither effort went very far, and both 
required their own browser to view the 
resulting pages. The problem is that you 
need more than adding just a few tags to 
the HTML markup language to display 
and manipulate data on the Web. 

That's where these two new efforts 
come into play. 

SOAP and Blocks both go about 
adding some depth to solving the prob- 
lem of querying databases via the Web. 
They aren't really markup languages, but 
they leverage XML in interesting ways 
and define separate and incompatible ar- 
chitectures and protocols so that you can 
build more powerful Web-based applica- 
tions. While they are similar in their in- 
tent, they are very different approaches. 

A good example of the power of SOAP 
can be found at UserLand's demonstra- 
tion Web site, EditThisPage.com. Here 
anyone can set up their own Web site 
within a few minutes, by using the tools 
that are available inside a standard 
browser window. No more bringing up an 
HTML editor, saving the pages to your 
local drive, then FTPing these pages up 
to your Web site. But this is more than 
just a customized home page offered by 
numerous "community" sites like Geo- 
Cities or Tripod. You can organize Web 
sites that automatically generate indexes 
of documents, or create Web logs and 
search pages, too. I had some trouble get- 
ting beyond the basics, but that may be 
due to me and not to the product. But I 



can see the utility of SOAP and think it is 
worth exploring further. 

Blocks is geared more toward the 
skilled programmer and also has set its 
sights on tackling some very big data 
structures, such as the Securities and 
Exchange Commission EDGAR corpo- 
rate filings and the documents sent to 
the U.S. Patent Office. These databases 
contain terabytes of unstructured docu- 
ments, and Invisible has figured out 
methods to parse all this into some 
meaningful structure. You can search 
those databases to determine which cor- 
porate boards of directors a certain indi- 
vidual belongs to. 

Both SOAP and Blocks are still very 
new efforts, but both have attracted 
many developers and have a wide range 
of resources at their respective Web 
sites, Scripting.com and Invisible.net. 
While the Web/database problem is still 
a hard one, these standards-to-be show 
the power of using XML in new and 
powerful ways to help make it easier to 
develop applications. 

Should you try out either of these ef- 
forts and build something you want to 
tell me about, I'd love to hear from you. 

(Editors Note: Mr. Strom has a paid 
advisory position with Invisible Worlds.) I 

David Strom is president of David 
Strom Inc. and editor of the Web 
Informant newsletter. Reach him at 
david@strom. com. 



COIN NO LONGER HIDDEN IN PALM 



It would take a Palm reader to know 
what the future holds for the 3Com 
spin-off. But one thing already is clear: 
Software development will get a huge 
boost from the broad acceptance of 
handheld devices. 

I know all the techies who work for 
you thought they were really 
cool, because they stopped 
carrying address books, plan- 
ning calendars and business 
cards years ago. But now that it's 
been amply demonstrated that 
folks out on Main Street want 
them too, the Palm organizer goes from 
new toy to serious market opportunity. 

According to one company spokes- 
man, who could not speak for attribu- 
tion due to the quiet period mandated 
under IPO rules, there already are 
some 50,000 software developers 
signed up to develop for the Palm OS. 
"It's a rich environment for software 
development that Palm would never 
do," the spokesman said. Further, a 
study by IDC shows that use of the 
handheld devices is expected to more 
than triple, from 5.4 million units in use 
in 1999 to an anticipated 18 million 
units in use in 2003. 

According to Palm's spokesman, the 
best thing about the IPO is the plat- 
form's new visibility with the general 
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public. And once a broader market of 
consumers buys into it, the doors are 
wide open for software developers to ex- 
tend and enhance the Palm platform. 

The public at large is no doubt un- 
aware that 3Com has been licensing the 
platform since 1996, and that there has 
been an active developer support 
program in place since the 
day the Palm was introduced. 
Frankly, they don't care. 
DAVID What they will care about 

RUBINSTEIN now, of course, is functionality. 
Once they buy it, they'll want to 
know what they can do with it. And, why 
they can't do more. 

From a pure market perspective, the 
Palm Inc. IPO is a bit disingenuous. Yes, 
shares are floating, but 3Com Corp. re- 
tained 95 percent ownership in the spin- 
off. It can be likened to someone still liv- 
ing at home even though he has gradu- 
ated from college. Some investors 
bought into Palm and made a quick 
buck. It opened at $38 per share and 
topped out at $165. However, other in- 
vestors bought into 3Com, running the 
price up almost 60 points in the week 
leading up to the IPO, and then taking 
their profits: A week later, it was trading 
in the 60s. Some traders used their 
3Com profits to buy into Palm. So it's a 
muddled picture, but some analysts be- 



lieve the two prices will settle out some- 
where around $70 per share. 

The future success of Palm, of 
course, lies in the further development 
of applications and functionality for the 
platform. This spells opportunity, as de- 
velopers race to bring out new products 
and grab a share in what is sure to be an 
exploding handheld device market. 

SWEEPING THE STREET 

Computer Associates International Inc. 
has agreed to buy Sterling Software Inc., 
a maker of business management soft- 
ware, for $4 billion in stock. Computer 
Associates says it will trade 0.5634 of its 
shares for each share of Sterling, valuing 
the Dallas-based company at about 
$39.30 per share, a 14 percent premium 
to its closing stock price on Feb. 11. 
Computer Associates said the deal, the 
largest ever between software compa- 
nies, will allow it to broaden its range of 
products and services in the area of 
storage management software. 

"We are extremely focused on being 
the leading provider in storage and 
network management, business intelli- 
gence and portal solutions," said 
CA president and CEO Sanjay Kumar 
in a statement. Sterling Software has 
more than 20,000 customers who use 
its software to manage their traditional 
computer networks as well as their 
electronic commerce systems. The 
company's key software product pro- 



vides access to information stored in a 
company's database the same way an 
Internet portal points Web users to spe- 
cific information on the Internet. 
Founded in 1981, Sterling Software has 
3,700 employees and posted 1999 sales 
of $807 million. Computer Associates 
has 18,000 employees worldwide and 
had revenue of $6.3 billion for the year 
ended Dec. 31, 1999. The Islandia, 
N.Y-based CA said the deal is expected 
to add to earnings per share, excluding 
any one-time charges. 

In other news, RSA Security Inc. in- 
tends to increase the funding of RSA 
Capital to $100 million. RSA Capital is a 
wholly owned subsidiary of RSA Securi- 
ty that will invest in companies deliver- 
ing the infrastructure, tools and applica- 
tions designed to accelerate the growth 
of e-business. RSA Capital will seek to 
leverage the successful track record of 
RSA Security's investments in VeriSign, 
Netscape, CyberCash and other leading 
companies, and to provide RSA Securi- 
ty with a window into the evolving e- 
business technology and market land- 
scape. Also, the RSA board has autho- 
rized the company to buy back up to 8 
million shares of its common stock, rep- 
resenting a 4-million-share increase 
over the repurchase authorization in 
October 1999. I 

David Rubinstein is executive editor of 
SD Times. 
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anti-piracy area. But, he added, 
there is organized piracy 
around the world, and battling 
it takes vigilance. 

"As soon as a publisher comes 
up with a protection mechanism, 
hackers quickly come up with 
ways around it," Flynn said. 
"There are a lot of people out 
there. Vendors must constantly 
stay one step ahead." 

Part of the problem, Flynn 
said, is that in certain circles, pi- 
rates are venerated as heroes. 
"We need to change the per- 
ception that these guys are 
Robin Hoods. It's not just Bill 
Gates losing money. [Piracy] 
hurts the smaller companies 
even more because they can't 
afford the loss. The small guys 
are entitled to be compensated 
for years of effort and money 
they've put in" to developing an 
application, he said. 

What often happens is that 
final beta versions of software 
appear on the Internet and fre- 
quently "scoop" the final release 
by weeks. When that happens, a 
huge amount of revenue expect- 
ed upon final release is lost. 

Yet ParaSoft Corp.'s execu- 
tive vice president, Arthur 
Hicken, sees an unintended 
upside. "Some amount of pirat- 
ed software leads to real sales, 
as sort of demo-ware," he said, 
adding that because ParaSoft is 
a small company, "to see that 
someone bothered to pirate 
our software was kind of a pat 
on the back. It's kind of flatter- 
ing." ParaSoft uses a sophisti- 
cated machine-ID piracy pro- 
tection scheme on its source - 
code testing tools. 

Hicken explained that be- 
cause software evolves so quick- 
ly, someone pirating an older 
version of an application "won't 
have all the new cool stuff." 

There are techniques com- 
mercial developers can employ 
to limit piracy. Some employ a 
hardware key, also known as a 
"dongle," which must be pre- 
sent on the machine in order 
for the application to run. Some 
vendors use serial numbers, 
where the correct code must be 
entered to install. Another level 
of copy protection uses a 
process where, during the in- 
stallation procedure, the soft- 
ware generates a "machine ID" 
code, keyed to the same unique 
key of the target hardware. 
That code must be reported 
back to the software vendor, 
which can then generate an un- 



lock code good only for that sin- 
gle installation. 

Microsoft, according to 
SIIA's vice president for anti- 
piracy programs, Peter Beruk, 
has the largest proportion of the 
piracy problem simply because 
it is the largest software vendor. 
For its part, Microsoft has taken 
steps to make counterfeit soft- 
ware easier to identify and to as- 
sist resellers and OEM system 
builders in distributing genuine 
software with new anti-piracy 
technologies and an Internet 
monitoring program. 

"It seems we are in a per- 
petual cat-and-mouse game 
with counterfeiters," Jackie 
Carriker, group manager of 
anti-piracy efforts at Microsoft, 
said in a statement. 

ParaSoft (www.parasoft.com) 
uses several different anti-pira- 
cy techniques, including license 
expiration dates, limits on the 
numbers of networks and users, 
and password codes to effect in- 
stallation and use. As Internet 
sellers since 1993 via FTP, the 
company realized the potential 
for abuse and devised its lock- 
ing mechanisms. 

"We had one person crack 
[the code] about six months 
ago," said Hicken. "We know 
where the weaknesses are, and 



we beefed up the mechanism." 

Hicken said ParaSoft, which 
sells primarily to businesses, is 
not as vulnerable to piracy, de- 
spite its efforts to secure the 
software. "You can't go to a 
business and convince them to 
use nonsupported, pirated soft- 
ware," Hicken said. 

However, he is opposed to 
the labyrinthine types of securi- 
ty that could turn a potential 
customer toward a competitor. 
"Instead of a user using an appli- 
cation, you have a systems man- 
ager with a computer problem," 
Hicken said. "You must have the 
ability to back up the software 
and copy it onto a number of 
machines in real business." 

Brien Witkowski, president 
of Wise Solutions, which mar- 
kets installation software, uses a 
serial number control to pre- 
vent piracy, making the chances 
of someone's being able to grab 
the serial-number code, and 
thus use the software illegally, 
as 1 in 400,000. 

"We don't put in a whole lot 
of controls beyond a serial 
number," Witkowski said. "We 
sell to the development com- 
munity, and you don't get a lot 
of software theft." 

Witkowski echoed Hicken's 
sentiments, saying, "We'd rather 



make it easier for our cus- 
tomers to use it, instead of re- 
quiring a dongle or other hard- 
ware, and have increased tech- 
nical support." 

As an example, Witkowski 
cited Windows Installer tech- 
nology. "There is a published 
file format for it," he explained. 
"If you create a file with this 
format, our engine will install 
it." Because it's open architec- 
ture, he said, it's difficult to se- 
cure. According to Witkowski, 
Wise is now working with Mi- 
crosoft to tighten up software 
accessibility on a future release 
of Office 2000. 

Another answer could come 
from an unlikely source — the 
ASP model. "If a publisher has a 
product that's suitable for an 
ASP, it removes the shrink-wrap 
from the equation," SIIA's Beruk 
said. "The ASPs are building in 
security that will make it virtual- 
ly impossible to download." 

Beruk said the SUA will 
bring in the federal government 
to prosecute cases, because 
piracy groups have no funds 
and a civil judgment would be 
virtually unenforceable. 

"As an educational message, 
it shows that the industry won't 
sit idly by and watch [piracy] oc- 
cur," Beruk said. "Nor should it." 



TEMPLE UNIVERSITY 
SETTLES COUNTERFEIT SUIT 

The Business Software Alliance 
(BSA) has announced that 
Temple University paid the 
BSA $100,000 to settle claims 
related to unlicensed software 
programs on its computers. 

In addition to the settle- 
ment, Temple University has 
agreed to destroy all un- 
licensed software, purchase 
replacement software and 
strengthen its software man- 
agement policies. 

"We have a strong respect 
for the need to protect intel- 
lectual property rights," said 
George Ingram, Temple's as- 
sociate vice president for uni- 
versity relations. "Like many 
universities, Temple has a de- 
centralized work force that in- 
teracts with students, faculty 
and others. We are now imple- 
menting new procedures to 
document our software com- 
pliance in the future." 

College campuses and uni- 
versities around the country 
have become a hotbed for on- 
line piracy. Recently, a student 
at the University of Oregon be- 
came the first person criminally 
charged under the Net Act for 
software piracy violations over 
the Internet. I 
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application works. The tool 
then produces a report con- 
taining quantitative and graph- 
ical analysis of factors like pro- 
gramming constructs, portabil- 
ity, globalization and structure, 
which can be used for early 
problem detection and reme- 
diation, and improved risk 
management. 

With this data, said the com- 
pany, organizations can resolve 
memory leak problems, man- 
age partially undocumented 
code history and build in filters 
to help find specific problems. 

With its new Magnify ser- 
vice, introduced in early March, 
Software Emancipation is es- 
sentially running the Discover 
reports themselves, saving de- 
velopment shops from purchas- 
ing and learning how to use the 
tool, especially if it's going to be 
used only once or twice. 

"Magnify can be used for 
code auditing during company 
mergers," said Boes, in addition 
to being used during the devel- 
opment process. During the 
development process, the com- 
pany recommends performing 



a Magnify analysis after the 
bulk of coding is complete, but 
before alpha testing. 

The process is straightfor- 
ward. First, provide Software 
Emancipation access to the 
source code. 

"You can send it to us, or 
provide us access to your net- 
work so we can pick up the 
code," said Boes, adding that 
for companies concerned about 
security of their source code, 
Software Emancipation will 
send a technician on-site to run 
the tests. The cost is $30,000 if 
the source is sent to Software 
Emancipation or $50,000 if a 
technician is dispatched. 

After a two-to-three week 
period, Software Emancipation 
will provide a report that ana- 
lyzes the code, identifying po- 
tential weaknesses ranging 
from memory leaks to situations 
in which a type conversion nar- 
rows numerical precision. 

Magnify also picks up on 
poor programming practices, 
according to its technical docu- 
mentation, such as inline as- 
sembly to situations where the 
level of nested controls exceeds 
a predefined limit. Those lim- 
its, designed to help companies 



maintain good programming 
practice, are initially set by 
Software Emancipation based 
on their own quality metrics 
but can be adjusted by the cus- 
tomer, said Boes. 

The report also includes 
written analysis and presenta- 
tion by a Software Emancipa- 
tion software analyst. "This dif- 
ferentiates us from other de- 
fect analysis companies," said 
Boes, claiming that other ven- 
dors' reports are generated 
programmatically 

The third component of the 
Magnify report is a comparison 
of the customer's source code 
to other code analyzed by a 
module of the Discover test 
suite called QA Cockpit. For 
each of the defect areas, the 
analysis shows how well the 
customer's code stacks up 
against industry norms. 

Although Boes touted the 
benchmarks as having a broad 
base, the company's research 
study was limited to approxi- 
mately 50 projects ranging 
from 11,000 lines of code to 
1.3 million lines. According to 
Boes, the minimal useful size 
for a Magnify code analysis is 
500,000 lines of source. 



IT PAYS TO DISCOVER 

In late January, Software 
Emancipation updated the 
Discover test suite itself to 
version 7.2. According to the 
company, the new release 
contains more than 150 im- 
provements. In addition to en- 
hancements in language sup- 
port, comprehension and re- 
engineering, the company 
claims the update provides 
several major changes to assist 
customers with their transition 
from traditional quality- 
control processes toward qual- 
ity assurance. 

Quality assurance is funda- 
mentally different from quali- 
ty control, said Boes, compar- 
ing the software development 
process to automobile manu- 
facturing. "At first, you built a 
car, and then you tested it af- 
ter it was built, and corrected 
any flaws. Then Ford intro- 
duced unit testing. You built 
and tested the engine, before 
putting it into the car. Then 
the Japanese integrated quali- 
ty controls into the design 
process, to design for quality 
upfront. That's where software 
development is going, too: de- 
signing for quality." I 
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Introducing UpdateLIVE 

INCREASED SALES: 

•With an UpdateLive logo on your box customers know that the software they buy from you is up to date even 
after a year on the store shelf. 

• Build brand loyalty as customers see they can quickly and easily update your software on their system to address 
maintenance releases at any time. 

NEW OPPORTUNITIES: 

• UpdateLive opens new opportunities for subscription sales of distributed data, advertising of new products, and 
offering enhanced product upgrades. 

CUT COSTS: 

• Up to Date Software on a customer PC prevents costly support calls. 
•Automatic updates keep inventoried CDs fresh — no more throwing out 

inventory. Internet based updates are cheap! 
EASY TO USE: 

• No programming skills required for adding UpdateLive to your application. No detailed instructions required for 
your end users — UpdateLive may be fully automated. 

UpdateLive is the latest product form Bennet-Tec Information Systems, Inc., a leader in the production of component 
software for applications development with over 8 years experience meeting the needs of programmers world wide. 
With UpdateLive Bennet-Tec leverages the power of the Internet to help you deliver the most current software and 
data to your customers automatically. Obsolete software is now obsolete! 
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You solve problems. If mistakes slip through the cracks or get stuck 
in your workflow, that's a problem. Not to worry. tTrack™4.0 workflow 
solutions on the Web is here. Take bug tracking for instance. tTrack 
4.0 lets you keep track of where a project has been, what has been 
done to it and what needs to occur to complete it successfully. So 
missing bugs doesn't turn into an explosive situation. Visit our Web 
site for all the in-depth technical details we wouldn't dare put here. 
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